🧑‍💻 About Me

I am an Assistant Research Professor of Institute for Network Sciences and Cyberspace, Tsinghua University. My research focuses on enhancing the security of critical network infrastructures. I am broadly interested in network security, cellular system security, and data-driven approaches to security. My recent work investigates security vulnerabilities in 4G/5G cellular networks and the Public Key Infrastructure (PKI). Prior to my current position, I was a postdoctoral fellow at Tsinghua University from 2022 to 2024, co-advised by Professor Haixin Duan. I received my Doctoral degree in Computer Science and Technology at Tsinghua in 2022, and my Bachelor degree in Fundamental Science of Mathematics and Physics at Tsinghua in 2017.

📣 Hiring: our group is continuously looking for highly motivated PhD/Master/undergraduate students and research interns, please free to reach out via email (zhangyiming@tsinghua.edu.cn).

I also welcome academic collaborations in any form—please don’t hesitate to get in touch.

🔥 News

• 2025.02: Joined the Institute for Network Sciences and Cyberspace at Tsinghua as a faculty.
• 2024.10:  🎉🎉 Two papers accpeted by NDSS 2025.

📝 Publications

(*: Equal Contribution; #: Corresponding Author)

2025

• [Invade the Walled Garden: Evaluating GTP Security in Cellular Networks]. Yiming Zhang, Tao Wan, Yaru Yang, Haixin Duan, Yichen Wang, Jianjun Chen, Zixiang Wei, Xiang Li, IEEE SP 2025 (CCF-A, Big4).
• Automatic Insecurity: Exploring Email Auto-configuration in the Wild. Shushang Wen, Yiming Zhang#, Yuxiang Shen, Bingyu Li, Haixin Duan, Jingqiang Lin#, NDSS 2025 (CCF-A, Big4).
• Cross-Origin Web Attacks via HTTP/2 Server Push and Signed HTTP Exchange. Pinji Chen, Jianjun Chen, Mingming Zhang, Qi Wang, Yiming Zhang, Haixin Duan, Mingwei Xu, Haixin Duan, NDSS 2025 (CCF-A, Big4).

2024

• Into the Dark: Unveiling Internal Site Search Abused for BlackHat SEO. Yunyi Zhang, Mingxuan Liu, Baojun Liu, Yiming Zhang, Haixin Duan, Min Zhang, Hui Jiang, Yanzhe Li, Fan Shi, USENIX Security 2024 (CCF-A, Big4).
• Tickets or Privacy? Understand the Ecosystem of Mobile Ticket Grabbing Apps. Yijing Liu, Yiming Zhang, Baojun Liu, Haixin Duan, Qiang Li, Mingxuan Liu, Ruixuan Li, Jia Yao, USENIX Security 2024 (CCF-A, Big4).
• Uncovering Security Vulnerabilities in Real-world Implementation and Deployment of 5G Messaging Services. Yaru Yang, Yiming Zhang#, Tao Wan, Chuhan Wang, Haixin Duan#, Jianjun Chen, Yishen Li, WiSec 2024.
• Understanding the Implementation and Security Implications of Protective DNS Services. Mingxuan Liu, Yiming Zhang, Xiang Li, Chaoyi Lu, Baojun Liu, Haixin Duan, Xiaofeng Zheng, NDSS 2024 (CCF-A, Big4).

Before 2024

• Detecting and Measuring Security Risks of Hosting-Based Dangling Domains. Mingming Zhang, Xiang Li, Baojun Liu, Jianyu Lu, Yiming Zhang#, Jianjun Chen#, Haixin Duan, Shuang Hao, Xiaofeng Zheng, SIGMETRICS 2023.
• Automatic Generation of Adversarial Readable Chinese Texts. Mingxuan Liu, Zihan Zhang, Yiming Zhang, Chao Zhang, Zhou Li, Qi Li, Haixin Duan and Donghong Sun, TDSC 2022 (CCF-A).
• Exploring the Characteristics and Security Risks of Emerging Emoji Domain Names. Mingxuan Liu, Yiming Zhang, Baojun Liu, Haixin Duan, ESORICS 2022.
• Ethics in Security Research: Visions, Reality, and Paths Forward. Yiming Zhang, Mingxuan Liu, Mingming Zhang, Chaoyi Lu, Haixin Duan, EthiCS 2022 (Best Student Paper).
• Measuring the Deployment of 5G Security Enhancement. Shiyue Nie, Yiming Zhang, Tao Wan, Haixin Duan, Song Li, WiSec 2022.
• Detecting and Characterizing SMS Spearphising Attacks. Mingxuan Liu, Yiming Zhang, Baojun Liu, Zhou Li, Haixin Duan, Donghong Sun, ACSAC 2021.
• Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li, Zaifeng Zhang, CCS 21 (CCF-A, Big4) [Slides]. Media Coverage: [The Register], [Help Net Security], [APNIC BLOG].
• On Evaluating Delegated Digital Signing of Broadcasting Messages in 5G. Hui Gao, Yiming Zhang, Tao Wan, Jia Zhang, Haixin Duan, Globecom 2021.
• From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR. Chaoyi Lu, Baojun Liu, Yiming Zhang, Zhou Li, Fenglu Zhang, Haixin Duan, Ying Liu, Joann Qiongna Chen, Jinjin Liang, Zaifeng Zhang, Shuang Hao and Min Yang. NDSS 2021 (CCF-A, Big4).
• Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China. Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Shuang Hao, Mingxuan Liu, Ying Liu, Dong Wang and Qiang Li, CCS 2020 (CCF-A, Big4) [Dataset].
• Argot: Generating Adversarial Readable Chinese Texts. Zihan Zhang, Mingxuan Liu, Chao Zhang, Yiming Zhang, Zhou Li, Qi Li, Haixin Duan and Donghong Sun, IJCAI 2020.
• TraffickStop: Detecting and Measuring Illicit Traffic Monetization Through Large-scale DNS Analysis. Baojun Liu, Zhou Li, Peiyuan Zong, Chaoyi Lu, Haixin Duan, Ying Liu, Sumayah Alrwais, Xiaofeng Wang, Shuang Hao, Yaoqi Jia, Yiming Zhang, Kai Chen and Zaifeng Zhang, Euro SP 2019.
• [教育类官网推广感染研究]. 王郁, 张一铭, 张甲, 段海新, 通信学报 2018.

🎖 Honors and Awards

• 2022, Shuimu Tsinghua Scholar, Tsinghua University.
• 2022, Outstanding Graduate of Computer Science and Technology, Tsinghua University.
• 2022, Best Student Paper Award, EthiCS 22 (Euro SP Workshop).
• 2018, Tsinghua-Samsung Scholarship, Tsinghua University.
• 2016, National Scholarship.

📖 Educations

• 2017.08 - 2022.06, Ph.D., Department of Computer Science and Technology, Tsinghua University.
• 2013.08 - 2017.06, B.Sc., Department of Physics (Fundamental Science of Mathematics and Physics), Tsinghua University.

💬 Invited Talks

• 2024.08, Into the Dark: Unveiling Internal Site Search Abused for BlackHat SEO (oral presentation at USENIX 2024), Philadelphia, USA.
• 2024.06, 5G security from a network evolution perspective: practical challenges and research progress, USTC, Hefei, China.
• 2024.02, Understanding the Implementation and Security Implications of Protective DNS Services (oral presentation at NDSS 2024), San Diego, USA.
• 2023.05, Security Challenges and Solutions in HTTPS Deployments, APNIC ISIF Project, Beijing, China.
• 2021.11, Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem (oral presentation at CCS 2021). Online.
• 2021.06, Ethics in Cybersecurity and Network Measurement Research, Inforsec, Beijing, China.
• 2020.11, Lies in the Air: Characterizing Fake-base-station Spam Ecosystem in China (oral presentation at CCS 2020). Online.

📝 Services

• Artificial Evaluate Committee, USENIX Security 2025
• Artificial Evaluate Committee, NDSS 2025
• Artificial Evaluate Committee, CoNEXT 2023
• Technical Committee, Securecomm 2023