{"id":2818,"date":"2020-08-20T14:17:47","date_gmt":"2020-08-20T18:17:47","guid":{"rendered":"https:\/\/www.bu.edu\/met\/?post_type=profile&#038;p=2818"},"modified":"2026-05-26T12:32:00","modified_gmt":"2026-05-26T16:32:00","slug":"shengzhi-zhang","status":"publish","type":"profile","link":"https:\/\/www.bu.edu\/met\/profile\/shengzhi-zhang\/","title":{"rendered":"Shengzhi Zhang"},"content":{"rendered":"<p>Dr. Shengzhi Zhang earned his PhD in computer science and engineering from Penn State University in 2012. His research focuses on cybersecurity, including but not limited to AI security, Internet of Things (IoT) security, automobile security, mobile security, and operating system security, among others. He has most recently worked as an assistant professor in the department of computer science at the Florida Institute of Technology. Prior to academia, Dr. Zhang conducted various research projects in Cisco, IBM, and Honeywell Aerospace labs. He has published many papers and served as program committee members in top-tier security conferences and journals.<\/p>\n<div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h2 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Research Interests<\/h2><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/p>\n<ul>\n<li>AI security<\/li>\n<li>IoT security<\/li>\n<li>Automobile Security<\/li>\n<li>Mobile Security<\/li>\n<li>System Security<\/li>\n<\/ul>\n<p><\/div>\n<\/div>\n\n<div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h2 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Courses<\/h2><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/p>\n<ul><div class=\"course-feed\"><\/p>\n<li>MET CS 544 \u2013 Foundations of Analytics and Data Visualization<\/li>\n<p><\/p>\n<li>MET CS 595 \u2013 Cybersecurity Fundamentals<\/li>\n<p><\/p>\n<li>MET CS 674 \u2013 Database Security<\/li>\n<p><\/p>\n<li>MET CS 690 \u2013 Network and Cloud Security<\/li>\n<p><\/p>\n<li>MET CS 787 \u2013 AI and Cybersecurity<\/li>\n<p><\/p>\n<li>MET CS 793 \u2013 Special Topics in Computer Science<\/li>\n<p><\/div><\/ul>\n<p><\/div>\n<\/div>\n\n<div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h2 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Scholarly Works<\/h2><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/p>\n<p><strong>Book Chapters<\/strong><\/p>\n<p>Xuejing Yuan, Yuxuan Chen, Kai Chen, Shengzhi Zhang, and XiaoFeng Wang. \u201cAdversarial Attacks Against Deep Learning-Based Speech Recognition Systems.\u201d Chapter in <em>Cyber Security Meets Machine Learning<\/em>, edited by S. Jajodia, Xiaofeng Chen, Willy Susilo, and Elisa Bertino (Springer 2021). ISBN: 978-981-33-6726-5<\/p>\n<p>Peng Liu, Xiaoqi Jia, Shengzhi Zhang, Xi Xiong, Yoon-chan Jhi, Kun Bai, and Jason H. Li. \u201cCross-Layer Damage Assessment for Cyber Situational Awareness.\u201d In <em>Cyber Situational Awareness: Issues and\u00a0<\/em><em>Research<\/em>, edited by S. Jajodia, P. Liu, V. Swarup, and C. Wang (Springer International Series on Advances in Information Security, November 2009). ISBN: 98-1-4419-0139-2<\/p>\n<p><strong>Refereed Journal Articles<\/strong><\/p>\n<p>Qianyun, Yang, Peizhuo Lv, Yingjiu Li, Shengzhi Zhang, Yuxuan, Chen, Zhiwei Chen, Zixu Li, and Yupeng Hu. \u201cERASE: Bypassing Collaborative Detection of AI Counterfeit via Comprehensive Artifacts Elimination.\u201d <em>IEEE Transactions on Dependable and Secure Computing<\/em> (accepted with major revision).<\/p>\n<p>Mengjie Sun, Peizhuo Lv, Shengzhi Zhanng, Jianshuo Liu, Kai Chen, Hong Li, Zhi Li, Qinhong, Jiang, and Limin Sun. \u201cEMI Backdoor: An Electromagnetic-Interference-based Backdoor Attack Against Computer Vision System.\u201d <em>Journal of Computer Security<\/em> (accepted).<\/p>\n<p>Congyi Li, Peizhuo Lv, Yuan Gao, Xuejing Yuan, Shengzhi Zhang, Kai Chen, Yingjun Zhang, and Yingjiu Li. \u201cFedWM: Data-Free Watermarking for Model Ownership Protection in Federated Learning.\u201d <em>IEEE Transactions on Dependable and Secure Computing<\/em> (accepted).<\/p>\n<p>Zhou Qihang, Cao Wenzhuo, Jia Xiaoqi, Xu Shaowen, Chen Jiayun, Jiang Nan, Zhang Zhicong, Song Zhenyu, Du Haichao, Xie Yamin, Song Chen, Tang Jing, Yin Peijie, Zhang Shengzhi, and Liu Peng. \u201cFlexClave: An Extensible and Secure Trusted Execution Environment Framework.\u201d <em>IEEE Transactions on Computers<\/em> 75, no. 4 (2026). <a href=\"https:\/\/doi.org\/10.1109\/TC.2026.3654947\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1109\/TC.2026.3654947<\/a><\/p>\n<p>Hong Zhu, Shengzhi Zhang, and Kai Chen. \u201cAI-Shielder: Exploiting Backdoors to Defend against Adversarial Attacks.\u201d <em>IEEE Transactions on Dependable and Secure Computing<\/em> 23, no. 1 (2025). <a href=\"https:\/\/doi.org\/10.1109\/TDSC.2025.3612270\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1109\/TDSC.2025.3612270<\/a><\/p>\n<p>Yun He, Xiaoqi Jia, Shengzhi Zhang, and Lou Chitkushev. \u201cSeFS: A Secure and Efficient File Sharing Framework based on the Trusted Execution Environment.\u201d <em>EAI Endorsed Transactions on Security and Safety<\/em> 9, no. 1 (2025). <a href=\"https:\/\/doi.org\/10.4108\/eetss.v9i1.2854\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.4108\/eetss.v9i1.2854<\/a><\/p>\n<p>Qihang Zhou, Wenzhuo Cao, Xiaoqi Jia, Shengzhi Zhang, Jiayun Chen, Nan Jiang, Weijuan Zhang, Haichao Du, Zhenyu Song, and Qingjia Huang. \u201cHClave: An isolated execution environment design for hypervisor runtime security.\u201d <em>Computers &#038; Security<\/em> Vol. 144 (2024). <a href=\"https:\/\/doi.org\/10.1016\/j.cose.2024.103923\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1016\/j.cose.2024.103923<\/a><\/p>\n<p>Hong Zhu, Yue Zhao, Shengzhi Zhang, and Kai Chen. \u201cNeuralSanitizer: Detecting Backdoors in Neural Networks.\u201d <em>IEEE Transactions on Information Forensics &#038; Security<\/em> vol. 19 (2024): 4970\u20134985. <a href=\"https:\/\/doi.org\/10.1109\/TIFS.2024.3390599\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1109\/TIFS.2024.3390599<\/a><\/p>\n<p>Lv, Qianwei, Luo, He, Wang, Guoqiang, Tai, Jianwei, and Zhang, Shengzhi. \u201cPEDI-GAN: Power Equipment Data Imputation based on Generative Adversarial Networks with Auxiliary Encoder.\u201d <em>Journal of Supercomputing<\/em> vol. 80 (2024): 11893\u201311922. <a href=\"https:\/\/doi.org\/10.1007\/s11227-024-05891-7\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1007\/s11227-024-05891-7<\/a><\/p>\n<p>Peizhuo Lv, Pan Li, Shengzhi Zhang, Kai Chen, Ruigang Liang, Hualong Ma, Yue Zhao, and Yingjiu Li. \u201cA Robustness-Assured White-Box Watermark in Neural Networks.\u201d <em>IEEE Transactions on Dependable and Secure Computing<\/em> 20, no. 6 (2023): 5214\u20135229. <a href=\"https:\/\/doi.org\/10.1109\/TDSC.2023.3242737\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1109\/TDSC.2023.3242737<\/a><\/p>\n<p>Juan Wang, Wenzhe Yi, Mengda Yang, Jiaci Ma, Shengzhi Zhang, and Shirong Hao. \u201cEnhance the trust between IoT devices, mobile apps, and the cloud based on blockchain.\u201d <em>Journal of Network and Computer Application<\/em> 218, article 103718 (September 2023). <a href=\"https:\/\/doi.org\/10.1016\/j.jnca.2023.103718\" rel=\"noopener\" target=\"_blank\">https:\/\/doi.org\/10.1016\/j.jnca.2023.103718<\/a><\/p>\n<p>Yuxuan Chen, Jiangshan Zhang, Xuejing Yuan, Shengzhi Zhang, Kai Chen, Xiaofeng Wang, and Shanqing Guo. \u201cSoK: A Modularized Approach to Study the Security of Automatic Speech Recognition Systems.\u201d <em>ACM Transactions on Privacy and Security<\/em> 25, no. 3 (August 2022).<\/p>\n<p>Yuxuan Chen, Xuejing Yuan, Aohui Wang, Kai Chen, Shengzhi Zhang, and Heqing Huang. \u201cManipulating Users\u2019 Trust on Amazon Echo: Compromising Smart Home from Outside.\u201d <em>EAI Endorsed Trans. Security Safety<\/em> 6, no. 22 (April 2020).<\/p>\n<p>Le Guan, Chen Cao, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, and Trent Jaeger. \u201cBuilding a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM.\u201d <em>IEEE Transactions on Dependable and Secure Computing<\/em> 16, no. 3 (2019): 438\u2013453.<\/p>\n<p>Shengzhi Zhang, Xiaoqi Jia, and Peng Liu. \u201cTowards service continuity for transactional applications via diverse device drivers.\u201d <em>International Journal of Information and Computer Security<\/em> 8, no. 4 (2016): 382\u2013400.<\/p>\n<p>Shengzhi Zhang, Wenjie Wang, Haishan Wu, Athanasios V. Vasilakos, and Peng Liu. \u201cTowards transparent and distributed workload management for large scale web servers.\u201d <em>Future Generation Computer Systems <\/em>29, no. 4 (2013): 913\u2013925.<\/p>\n<p>Xiaoqi Jia, Rui Wang, Jun Jiang, Shengzhi Zhang, and Peng Liu. \u201cDefending return-oriented programming based on virtualization techniques.\u201d <em>Security and Communication Networks<\/em> 6, no. 10 (2013): 1236\u00ad\u20131249.<\/p>\n<p>Shengzhi Zhang and Sang-Jo Yoo. \u201cHidden node collision recovery protocol for low rate wireless personal area networks.\u201d <em>Wireless Communications and Mobile Computing<\/em> 12, no. 15 (2012): 1351\u20131362.<\/p>\n<p>Shengzhi Zhang, Xiaoqi Jia, Peng Liu, and Jiwu Jing. \u201cPEDA: Comprehensive Damage Assessment for Production Environment Server Systems.\u201d <em>IEEE Transactions on Information Forensics and Security\u00a0<\/em>6, no. 4 (2011): 1323\u00ad\u20131334.<\/p>\n<p><strong>Refereed Conference and Workshop Papers<\/strong><\/p>\n<p>Xuejing Yuan, Jiangshan Zhang, Feng Guo, Kai Chen, XiaoFeng Wang, Shengzhi Zhang, Yuxuan Chen, Dun Liu, Pan Li, Zihao Wang, and Runnan Zhu. \u201cEvilHarmony: Stealthy Adversarial Attacks against Black-box Speech Recognition Systems.\u201d IEEE Symposium on Security and Privacy (SP), 2025.<\/p>\n<p>Peizhuo Lv, Mengjie Sun, Hao Wang, Xiaofeng Wang, Shengzhi Zhang, Yuxuan Chen, Kai Chen, and Limin Sun. \u201cRAG-WM: An Efficient Black-Box Watermarking Approach for Retrieval-Augmented Generation of Large Language Models.\u201d ACM Conference on Computer and Communications Security (CCS), 2025.<\/p>\n<p>Li Pan, Peizhuo Lv, Kai Chen, Shengzhi Zhang, Cai Yuling, and Xiang Fan. \u201cA Model Stealing Attack against Multi-exit Networks.\u201d IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), 2025.<\/p>\n<p>Qihang Zhou, Wenzhuo Cao, Xiaoqi Jia, Peng Liu, Shengzhi Zhang, Jiayun Chen, Shaowen Xu, and Zhenyu Song. \u201cRContainer: A Secure Container Architecture through Extending ARM CCA Hardware Primitives.\u201d Network and Distributed System Security Symposium (NDSS), 2025.<\/p>\n<p>Xiangji Chen, Jingqi Wu, Shengzhi Zhang, and Wu Zhou. \u201cReflections on the Security of In-Vehicle Connectivity.\u201d EAI International Conference on Intelligent Transport Systems (INTSYS), 2025.<\/p>\n<p>Benyamin Tafreshian and Shengzhi Zhang. \u201cA Defensive Framework Against Adversarial Attacks on Machine Learning-Based Network Intrusion Detection Systems.\u201d International Workshop on AI-Driven Trust, Security and Privacy in Computer Networks, 2024.<\/p>\n<p>Jun Li, Yuting Zhang, Wu Zhou, and Shenzhi Zhang. \u201cExploring Permission Control Flaws in Mini-apps.\u201d International Workshop on AI-Driven Trust, Security and Privacy in Computer Networks, 2024.<\/p>\n<p>Yang Chen, Shengzhi Zhang, Xiaoqi Jia, Qihang Zhou, Heqing Huang, Shaowen Xu, and Haochao Du. \u201cSEDSpec: Securing Emulated Devices by Enforcing Execution Specification.\u201d IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), 2024.<\/p>\n<p>Peizhuo Lv, Hualong Ma, Kai Chen, Jiachen Zhou, Shengzhi Zhang, Ruigang Liang, Shenchen Zhu, Pan Li, and Yingjun Zhang. \u201cMEA-Defender: A Robust Watermark against Model Extraction Attack.\u201d IEEE Symposium on Security and Privacy (SP), 2024.<\/p>\n<p>Peizhuo Lv, Pan Li, Shenchen Zhu, Shengzhi Zhang, Kai Chen, Ruigang Liang, Chang Yue, Fang Xiang, Yuling Cai, Hualong Ma, Yingjun Zhang, and Guozhu Meng. \u201cSSL-WM: A Black-Box Watermarking Approach for Encoders Pre-trained by Self-Supervised Learning.\u201d Network and Distributed System Security Symposium (NDSS), 2024.<\/p>\n<p>Peizhuo Lv, Chang Yue, Ruigang Liang, Yunfei Yang, Shengzhi Zhang, Hualong Ma, and Kai Chen. \u201cA Data-free Backdoor Injection Approach in Neural Networks.\u201d USENIX Security, 2023.<\/p>\n<p>Hong Zhu, Shengzhi Zhang, and Kai Chen. \u201cAI-Guardian: Defeating Adversarial Attacks using Backdoors.\u201d IEEE Symposium on Security and Privacy (SP), 2023.<\/p>\n<p>Peizhuo Lv, Hualong Ma, Jiachen Zhou, Ruigang Liang, Kai Chen, Shengzhi Zhang, and Yunfei Yang. \u201cDBIA: Data-Free Backdoor Attack Against Transformer Networks.\u201d IEEE International Conference on Multimedia &#038; Expo (ICME), 2023.<\/p>\n<p>Qihang Zhou, Xiaoqi Jia, Shengzhi Zhang, Nan Jiang, Jiayun Chen, and Weijuan Zhang. \u201cSecFortress: Securing Hypervisor using Cross-layer Isolation.\u201d IEEE International Parallel and Distributed Processing Symposium (IPDPS), 2022.<\/p>\n<p>Yue Yu, Xiaoqi Jia, Xun An, and Shengzhi Zhang. \u201cAn Efficient Use-after-Free Mitigation Approach via Static Dangling Pointer Nullification.\u201d International Federation for Information Processing Conference on ICT Systems Security and Privacy Protection (IFIP SEC), 2022.<\/p>\n<p>Yuxiao Luo, Jianwei Tai, Xiaoqi Jia, and Shengzhi Zhang. \u201cPractical Backdoor Attack Against Speaker Recognition System.\u201d International Symposium on Photonics and Electronics Convergence (ISPEC), 2022.<\/p>\n<p>Yun He, Xiaoqi Jia, Shengzhi Zhang, and Lou Chitkushev. \u201cEnShare: Sharing Files Securely and Efficiently in the Cloud Using Enclave.\u201d IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2022.<\/p>\n<p>Yue Zhao, Hong Zhu, Kai Chen, and Shengzhi Zhang. \u201cAI-Lancet: Locating Error-inducing Neurons to Optimize Neural Networks.\u201d ACM Conference on Computer and Communications Security (CCS), 2021.<\/p>\n<p>Yuxuan Chen, Xuejing Yuan, Jiangshan Zhang, Yue Zhao, Shengzhi Zhang, Kai Chen, and Xiaofeng Wang. \u201cDevil\u2019s Whisper: A General Approach for Physical Adversarial Attacks against Commercial Black-box Speech Recognition Devices.\u201d USENIX Security Symposium, 2020.<\/p>\n<p>Jianwei Tai, Xiaoqi Jia, Qingjia Huang, Weijuan Zhang, Haichao Du, and Shengzhi Zhang. \u201cSEEF-ALDR: A Speaker Embedding Enhancement Framework via Adversarial Learning based Disentangled Representation.\u201d IEEE Annual Computer Security Applications Conference (ACSAC), 2020.<\/p>\n<p>Yun He, Yihua Xu, Xiaoqi Jia, Shengzhi Zhang, Peng Liu, and Shuai Chang. \u201cEnclavePDP: A General Framework to Verify Data Integrity in Cloud Using Intel SGX.\u201d International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020.<\/p>\n<p>Jianagqi Li, Wang Juan, Jun Song, and Shenzhi Zhang. \u201cIoT-Portrait: Combining Active and Passive Identification of IoT Devices via Deep Learning.\u201d IEEE International Conference on Internet of Things, 2020.<\/p>\n<p>Yue Zhao, Hong Zhu, Ruigang Liang, Qintao Shen, Shengzhi Zhang, and Kai Chen. \u201cSeeing isn\u2019t Believing: Towards More Robust Adversarial Attack Against Real World Object Detectors.\u201d ACM Conference on Computer and Communications Security (CCS), 2019.<\/p>\n<p>Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Xiaokang Liu, Kai Chen, Shengzhi Zhang, Heqing Huang, Xiaofeng Wang, and Carl A. Gunter. \u201cCommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition.\u201d USENIX Security Symposium, 2018.<\/p>\n<p>Weijuan Zhang, Xiaoqi Jia, Shengzhi Zhang, Rui Wang, and Peng Liu. \u201cRunning OS Kernel in Separate Domains: A New Architecture for Applications and OS Services Quarantine.\u201d Asia-Pacific Software Engineering Conference (APSEC), 2018.<\/p>\n<p>Xuejing Yuan, Yuxuan Chen, Aohui Wang, Kai Chen, Shengzhi Zhang, Heqing Huang, and Ian Molloy. \u201cAll Your Alexa Are Belong to Us: A Remote Voice Control Attack against Echo.\u201d IEEE Global Communications Conference (GLOBECOM), 2018.<\/p>\n<p>Shengzhi Zhang, Omar Makke, Oleg Yu Gusikhin, Ayush Shah, and Athanasios Vasilakos. &#8220;A security model for dependable vehicle middleware and mobile applications connection.&#8221; In <em>VEHITS 2018: Proceedings of the 4th International Conference on Vehicle Technology and Intelligent Transport Systems<\/em>, edited by Gusikhin, O. and Helfert, M. (2018): 379\u2013386.<\/p>\n<p>Xuejing Yuan, Yuxuan Chen, Yue Zhao, Yunhui Long, Kai Chen, Shengzhi Zhang, Heqing Huang, and Xiaofeng Wang. \u201cCommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition.&#8221; In <em>Proceedings of the 27<sup>th<\/sup> Usenix Security Symposium<\/em>, Baltimore, Maryland (2018): 40\u201364.<\/p>\n<p>Le Guan, Peng Liu, Xinyu Xing, Xinyang Ge, Shengzhi Zhang, Meng Yu, and Trent Jaeger. \u201cTrust-Shadow: Secure Execution of Unmodified Applications with ARM TrustZone.\u201d The 15<sup>th<\/sup> ACM International Conference on Mobile Systems, Applications, and Services (Mobisys 2017).<\/p>\n<p>Shengzhi Zhang, Xiaoqi Jia, and Weijuan Zhang. \u201cTowards Comprehensive Protection for Open Flow Controllers.\u201d The 19<sup>th<\/sup> Asia-Pacific Network Operations and Management Symposium (APNOMS 2017). (Best paper award)<\/p>\n<p>Sultan Aldossary, William Allen, and Shengzhi Zhang. \u201cMathematical Model for Using Moving Target Defense to Mitigate Memory Randomization Weaknesses.\u201d The 4<sup>th<\/sup> Annual Conference on Computational Science and Computational Intelligence (2017).<\/p>\n<p>Weijuan Zhang, Xiaoqi Jia, Chang Wang, Shengzhi Zhang, Qingjia Huang, Mingsheng Wang, and Peng Liu. \u201cA Comprehensive Study of Co-residence Threat in Multi-tenant Public PaaS Clouds.\u201d The 18<sup>th<\/sup> IEEE International Conference on Information and Communications Security (ICICS 2016).<\/p>\n<p>Zimin Lin, Rui Wang, Xiaoqi Jia, Shengzhi Zhang, and Chuankun Wu. \u201cClassifying Android Malware with Dynamic Behavior Dependency Graphs.\u201d The 15<sup>th<\/sup> IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TRUSTCOM 2016).<\/p>\n<p>Zimin Lin, RuiWang, Xiaoqi Jia, Shengzhi Zhang, and Chuankun Wu. \u201cAnalyzing Android Repackaged Malware by Decoupling Their Event Behaviors.\u201d International Workshop on Security (IWSEC 2016). (Award paper.)<\/p>\n<p>Mark Fioravanti, Ayush Shah, and Shengzhi Zhang. \u201cA Study of Network Domains Used in Android Applications.\u201d The 9<sup>th<\/sup> International Conference on Network and System Security (NSS 2015).<\/p>\n<p>Craig Sanders, Ayush Shah, and Shengzhi Zhang. \u201cComprehensive Analysis of the Google Play\u2019s Auto-Update Policy.\u201d The 11<sup>th<\/sup> International Conference on Information Security Practice and Experience (ISPEC 2015).<\/p>\n<p>Rui Wang, Xiaoqi Jia, Qinlei Li, and Shengzhi Zhang. \u201cMachine Learning based Cross-site Scripting Detection in Online Social Network.\u201d The 6<sup>th<\/sup> International Symposium on Cyberspace Safety and Security (CSS 2014).<\/p>\n<p>Shengzhi Zhang and Peng Liu. \u201cAssessing the Trustworthiness of Drivers.\u201d The 15<sup>th<\/sup> International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012).<\/p>\n<p>Shengzhi Zhang and Peng Liu. \u201cLetting Applications Operate through Attacks Launched from Compromised Device Drivers.\u201d ACM Conference on Data and Application Security and Privacy (ASIACCS 2012).<\/p>\n<p>Jun Jiang, Xiaoqi Jia, Dengguo Feng, Shengzhi Zhang, and Peng Liu. \u201cHyperCrop: A Hypervisor-based Countermeasure for Return Oriented Programming.\u201d In <em>Proceedings of the 13<sup>th<\/sup> International\u00a0<\/em><em>Conference on Information and Communications Security (ICICS 2011)<\/em>, November 2011.<\/p>\n<p>Shengzhi Zhang, Haishan Wu, Wenjie Wang, Bo Yang, Peng Liu, and Athanasios V. Vasilakos. \u201cDistributed Workload and Response Time Management for Web Applications.\u201d In <em>Proceedings of the 7<sup>th<\/sup> International Conference on Network and Service Management (CNSM 2011)<\/em>, October 2011.<\/p>\n<p>Junfeng Yu, Shengzhi Zhang, Peng Liu, and Zhitang Li. \u201cLeakProber: A Framework for Profiling Sensitive Data Leakage Path.\u201d In <em>Proceedings of the first ACM Conference on Data and Application Security\u00a0<\/em><em>and Privacy (CODASPY \u201911)<\/em>, February 2011: 75\u201384.<\/p>\n<p>Shengzhi Zhang, Xiaoqi Jia, Peng Liu, and Jiwu Jing. \u201cCross-Layer Comprehensive Intrusion Harm Analysis for Availability-Critical Server Systems.\u201d In <em>Proceedings of the 26<sup>th<\/sup> Annual Computer Security\u00a0<\/em><em>Applications Conference (ACSAC \u201910)<\/em>, December 2010: 297\u2013306.<\/p>\n<p>Shengzhi Zhang, Xi Xiong, and Peng Liu. \u201cChallenges in Improving the Survivability of Data Centers.\u201d In <em>Proceedings of Workshop on Survivability in Cyberspace<\/em>, April 2010. (Invited paper.)<\/p>\n<p>Shengzhi Zhang, Xi Xiong, Xiaoqi Jia, and Peng Liu. \u201cAvailability-Sensitive Intrusion Recovery.\u201d In\u00a0<em>Proceedings\u00a0<\/em><em>of<\/em><em> the\u00a0<\/em><em>2<sup>nd<\/sup> <\/em><em>ACM workshop on Virtual machine security (VMSec \u201909),<\/em>\u00a0November 2009: 43\u201348. (Position paper.)<\/p>\n<p>Xiaoqi Jia, Shengzhi Zhang, Jiwu Jing, and Peng Liu. \u201cUsing Virtual Machines to Do Cross-Layer Damage Assessment.\u201d In <em>Proceedings of the 1<sup>st<\/sup> ACM Workshop on Virtual Machine Security (VMSec\u00a0<\/em><em>\u201908)<\/em>, October 2008: 29\u201338.<\/p>\n<p>Shengzhi Zhang and Sang-Jo Yoo. \u201cFast Recovery from Hidden Node Collision for IEEE 802.15.4 LR-WPANs.\u201d In <em>Proceedings of the 7th IEEE International Conference on Computer and Information\u00a0<\/em><em>Technology<\/em> <em>(CIT 2007)<\/em>, November 2007: 393\u2013398.<\/p>\n<p><strong>Technical Report<\/strong><\/p>\n<p>Shengzhi Zhang, Srivatsan Varadarajan, and Allalaghatta Pavan. \u201cNon-Interference Verification of Zeroization.\u201d Technical Report in Platform Systems Group, Honeywell Aerospace.<\/p>\n<p><strong>Posters<\/strong><\/p>\n<p>Hong Zhu, Shengzhi Zhang, and Kai Chen. \u201cAI-Guardian: Defeating Adversarial Attacks Using Backdoors.\u201d NCAE-C Research Symposium, 2023.<\/p>\n<p>Shengzhi Zhang, Xiaoqi Jia, and Peng Liu. \u201cRupi\u2019s Dance: Cross-Layer Comprehensive Infection Diagnosis for Availability-Critical Server Systems.\u201d In poster section of the 5<sup>th<\/sup> ACM SIGOPS EuroSys Conference (Eurosys 2010).<\/p>\n<p><strong>Inventions and Patents<\/strong><\/p>\n<p>Sang-Jo Yoo, Shengzhi Zhang, and Ju-hyun Lee. \u201cAdaptive Hidden Node Collision Recovery Protocol for IEEE 802.15.4 LR-WPANs.\u201d Patent NO. 10-0896986, filed with Korean Intellectual Property Office on May 4, 2009.<\/p>\n<p><\/div>\n<\/div>\n\n<div class=\"bu_collapsible_container \" aria-live=\"polite\" data-customize-animation=\"false\"><h2 class=\"bu_collapsible\" aria-expanded=\"false\"tabindex=\"0\" role=\"button\">Faculty Q&amp;A<\/h2><div class=\"bu_collapsible_section\" style=\"display: none;\"><\/p>\n<div id=\"FaculityQA\">\n<p><strong>What is your area of expertise?<\/strong><br \/>\nMy research focuses on cyber security, especially security issues that could impact people\u2019s daily life, such as AI security, IoT security, automobile security, and smartphone security.<\/p>\n<p><strong>Please tell us about your work. Can you share any current research or recent publications?<\/strong><br \/>\nCurrently, I have three ongoing projects. The first is to study the security issues in machine learning, especially deep neural networks (DNN). We craft hard-to-notice \u201cperturbations\u201d into audio\/video\/image, which can deceive the DNN-based recognition systems and cause a misprediction. For instance, a voice recognition system, e.g., Google Assistant, may decode \u201ccall 911\u201d from a song integrated with our perturbation, but people listening to the song would not be able to interpret that. Such \u201cadversarial attacks\u201d in machine learning not only exist in voice\/image recognition, but also in object detection (widely used in autonomous driving) based on our research.<\/p>\n<p>This research was covered by\u00a0<em>The Register<\/em> (<a href=\"https:\/\/www.theregister.com\/2018\/01\/30\/boffins_songs_ai_assistants\/\" target=\"_blank\" rel=\"noopener noreferrer\">https:\/\/www.theregister.co.uk\/2018\/01\/30\/boffins_songs_ai_assistants<\/a>) and was included in the following publications: \u201c<a href=\"https:\/\/arxiv.org\/pdf\/1801.08535\" target=\"_blank\" rel=\"noopener noreferrer\">CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition<\/a>\u201d (<em>Proceedings of the 27<sup>th<\/sup>\u00a0Usenix Security Symposium<\/em>, Baltimore, Maryland, 2018) and \u201c<a href=\"https:\/\/arxiv.org\/pdf\/1812.10217\" target=\"_blank\" rel=\"noopener noreferrer\">Practical Adversarial Attack Against Object Detector<\/a>\u201d (arXiv, preprint arXiv:1812.10217).<\/p>\n<p>The second project is to comprehensively protect the execution environment for unmodified applications running on ARM-based IoT devices. By taking advantage of ARM TrustZone technology, we construct a trusted execution environment for security-critical applications, which is isolated from the untrusted operating systems. Publications in this area include \u201c<a href=\"https:\/\/doi.org\/10.1145\/3081333.3081349\" target=\"_blank\" rel=\"noopener noreferrer\">TrustShadow: Secure execution of unmodified applications with ARM trustzone<\/a>\u201d (<em>Proceedings of the 15<sup>th\u00a0<\/sup>ACM International Conference on Mobile Systems, Applications, and Services<\/em>, Niagara Falls, New York, 2017) and \u201c<a href=\"https:\/\/doi.org\/10.1109\/TDSC.2018.2861756\" target=\"_blank\" rel=\"noopener noreferrer\">Building a Trustworthy Execution Environment to Defeat Exploits from both Cyber Space and Physical Space for ARM<\/a>\u201d (IEEE Transactions on Dependable and Secure Computing, 2018).<\/p>\n<p>Finally, there is a joint project with Ford Motor Company designing a security model for the headunit systems on future cars. Car manufacturers, such as Ford, are developing the next generation headunit systems with software modules and connectivity, giving the passenger\/driver a seamless experience and increasing safety while driving the vehicle. We are collaborating to propose a novel security model that integrates cryptography, network security, and system security approaches to eliminate the threats against car security. You can read more in \u201c<a href=\"https:\/\/ltu.diva-portal.org\/smash\/record.jsf?pid=diva2%3A1244559\" target=\"_blank\" rel=\"noopener noreferrer\">A security model for dependable vehicle middleware and mobile applications connection<\/a>\u201d (VEHITS 2018: Proceedings of the 4<sup>th<\/sup>\u00a0International Conference on Vehicle Technology and Intelligent Transport Systems).<\/p>\n<p><strong>How does the subject you work in apply in practice? What is its application?<\/strong><br \/>\nI will take the first aforementioned project as an example to explain the practical impact of our research.<\/p>\n<p>Recently, Deep Neural Networks have advanced artificial intelligence in many areas, such as speech recognition, face recognition, strategic games, and, especially, in some safety critical tasks, such as autonomous driving and medical diagnostics. However, deep neural networks are known to be vulnerable to adversarial examples, which leverage a few perturbations on original inputs to fool neural networks into misclassification. Most of the recent research is limited to image classifiers, rather than speech recognition or object detectors. Our research reveals that the adversarial attacks can also be crafted against speech recognition and object detection systems. Such findings demonstrate that using the deep learning techniques without security in mind will significantly impact the safety of everyone\u2019s daily life.<\/p>\n<p>For instance, our work \u201cCommanderSong\u201d crafts small perturbations into a song, thus enabling the \u201crevised\u201d song to be decoded by speech recognition system as a valid command to operate\u2014even while a human would not be able to interpret the command. Consider a modern home with Amazon Echo connected to smart locks, lights, switches, and more. The resident gets home, tired, and starts music streaming from YouTube. If the song from YouTube happens to be the \u201cCommanderSong\u201d uploaded by us (supposing we are hackers), Amazon Echo will be triggered to decode valid commands from the song\u2014for instance, \u201cEcho, open the door\u201d (the exact command to be decoded can be controlled by the perturbations we added into the original song). Then Echo will operate the command and unlock the door. Due to the small perturbations, the command in the revised song can\u2019t be interpreted by human ears, and it would even be hard for a person to notice any anomaly, based on our survey. Considering the popularity of speech recognition in smart homes, smartphones, and even cars, security countermeasures are highly demanded when using deep neural networks in speech recognition.<\/p>\n<p>Another example of an adversarial attack is to deceive the modern DNN-based object detectors, widely used in many fields such as autonomous driving. For instance, most of the existing autonomous driving cars rely on cameras to capture the surrounding environment, from which the object detectors recognize stop signs, traffic lights, pedestrians, and so forth. Our research demonstrates two kinds of adversarial attacks against object detectors: a \u201chiding\u201d attack that fools the detector, rendering it unable to recognize the object; and an \u201cappearing\u201d attack that fools the detector into falsely recognizing a non-existent object. For the hiding attack, we attached our carefully crafted perturbations onto a stop sign, which the object detector was then unable to recognize from different angles and distances. For the appearing attack, the object detector marks our crafted adversarial image as a traffic light, but a driver would not interpret it the same way. Since object detectors play a significant role in autonomous driving, such adversarial attacks require immediate attention to assure the safety of passengers.<\/p>\n<p><strong>What course(s) do you teach at MET?<\/strong><br \/>\nI teach <a href=\"https:\/\/www.bu.edu\/met\/courses\/graduate\/computer-science\/#course-METCS544\">Foundation of Analytics with R (MET CS 544)<\/a>.<\/p>\n<p><strong>Please highlight a particular project within this course that most interests your students. If you previously worked in industry, what \u201creal-life\u201d exercises do you bring to class?<\/strong><br \/>\nMy students are encouraged to choose datasets based on their own interests, and apply the analytics techniques learned in class to analyze the data. Since students taking CS 544 have diverse backgrounds\u2014from departments of biology, finance, mechanical engineering, psychology, etc.\u2014they typically have their own specific dataset that they want to analyze. The project allows students to target their datasets, as well as the ones that are closely related to their own research, which makes the project highly \u201cpractical\u201d and \u201cappealing\u201d to students.<\/p>\n<\/div>\n<p><\/div>\n<\/div>\n\n<h4>What advice do you have for new students?<\/h4>\n<blockquote><p><em>Information Technology has become a very broad field. Pick areas within IT that interest you the most. You will enjoy your work, develop a habit of continuing learning, and add experience to rely on in the future.<\/em><\/p><\/blockquote>\n","protected":false},"author":16254,"template":"","_links":{"self":[{"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/profile\/2818"}],"collection":[{"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/profile"}],"about":[{"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/types\/profile"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/users\/16254"}],"version-history":[{"count":20,"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/profile\/2818\/revisions"}],"predecessor-version":[{"id":100071,"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/profile\/2818\/revisions\/100071"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/met\/wp-json\/wp\/v2\/media?parent=2818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}