Research

Publications

DBLP, Google Scholar, ORCID

Conference papers

Junjian Ye, Xavier de Carné de Carnavalet, Lianying Zhao, Lifa Wu, Mengyuan Zhang. “Understanding Home Router Configuration Habits & Attitudes”, ACM CHI Conference on Human Factors in Computing Systems (CHI ‘25’), Yokohama, Japan, April 26-May 1, 2025. [author copy]
Minjie Cai, Xavier de Carné de Carnavalet, Siqi Zhang, Lianying Zhao, Mengyuan Zhang, “Towards Exploring Cross-Regional and Cross-Platform Differences in Login Throttling”, Nordic Conference on Secure IT systems (NordSec ‘24), Karlstad, Sweden, Nov. 2024. [author copy]
Onur Duman, Mengyuan Zhang, Lingyu Wang, Mourad Debbabi, “SecMonS: A Security Monitoring Framework for IEC 61850 Substations Based on Configuration Files and Logs”, Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA ‘24), Lausanne, Switzerland, July 17-19, 2024.
Junjian Ye, Xavier de Carné de Carnavalet, Mengyuan Zhang, Lianying Zhao, Lifa Wu, Wei Zhang, “Exposed by Default: A Security Analysis of Home Router Default Settings,” ACM ASIA Conference on Computer and Communications Security (AsiaCCS ‘24), Singapore, July 1-5, 2024. [author copy]
Siqi Zhang, Minjie Cai, Mengyuan Zhang, Lianying Zhao, Xavier de Carné de Carnavalet, “The Flaw Within: Identifying CVSS Scores Discrepancies in the NVD,” IEEE International Conference on Cloud Computing Technology and Science (CloudCom ‘23), Napoli, Italy, Dec. 4-6, 2023. [author copy]
Siqi Zhang, Mengyuan Zhang, Lianying Zhao, “VIET: A Tool for Extracting Essential Information from Vulnerability Descriptions for CVSS Evaluation,” IFIP Annual Conference on Data and Applications Security and Privacy (DBSec ‘23), Sophia Antipolis, France, July 19-21, 2023. [author copy]
Azadeh Tabiban, Heyang Zhao, Yosr Jarraya, Makan Pourzandi, Mengyuan Zhang, Lingyu Wang, “ProvTalk: Towards Interpretable Multi-level Provenance Analysis in Networking Function Virtualization (NFV)”, Network and Distributed System Security Symposium (NDSS ‘22), San Diego, CA, USA, Feb. 27-Mar. 3, 2022. [author copy]
Mohammad Mahdi Ghorbani, Fereydoun Farrahi Moghaddam, Mengyuan Zhang, Makan Pourzandi, Kim Khoa Nguyen, Mohamed Cheriet, “DistAppGaurd: Distributed Application Behaviour Profiling in Cloud-Based Environment”, Annual Computer Security Applications Conference (ACSAC ‘21), Virtual Event, USA, Dec. 6-10, 2021.
Lianying Zhao, Muhammad Shafayat Oshman, Mengyuan Zhang, Fereydoun Farrahi Moghaddam, Shubham Chander, Makan Pourzandi, “Towards 5G-ready Security Metrics”, IEEE International Conference on Communications (ICC ‘21), June 14-23, 2021. [author copy]
Mohammad Mahdi Ghorbani, Fereydoun Farrahi Moghaddam, Mengyuan Zhang, Makan Pourzandi, Kim Khoa Nguyen, Mohamed Cheriet, “Malchain: Virtual Application Behaviour Profiling by Aggregated Microservice Data Exchange Graph”, IEEE International Conference on Cloud Computing Technology and Science (CloudCom ‘20), Bangkok, Thailand, Dec. 14-17, 2020.
Alaa Oqaily, Sudershan Lakshmanan Thirunavukkarasu, Yosr Jarraya, Suryadipta Majumdar, Mengyuan Zhang, Makan Pourzandi, Lingyu Wang, Mourad Debbabi, “NFVGuard: Verifying the Security of Multilevel Network Functions Virtualization (NFV) Stack,” IEEE International Conference on Cloud Computing Technology and Science (CloudCom ‘20), Bangkok, Thailand, Dec. 14-17, 2020. [author copy]
Meisam Mohammady, Shangyu Xie, Yuan Hong, Mengyuan Zhang, Lingyu Wang, Makan Pourzandi, and Mourad Debbabi, “R²DP: A Universal and Automated Approach to Optimizing the Randomization Mechanisms of Differential Privacy for Utility Metrics with No Known Optimal Distributions,” ACM Conference on Computer and Communications Security (CCS ‘20), Orlando, USA, Nov. 9-13, 2020. [author copy] [arxiv]
Azadeh Tabiban, Yosr Jarraya, Mengyuan Zhang, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi, “Catching Falling Dominoes: Cloud Management-Level Provenance Analysis with Application to OpenStack,” IEEE Conference on Communications and Network Security (CNS ‘20), Avignon, France, June 29-July 1, 2020. [author copy]
Sudershan Lakshmanan Thirunavukkarasu, Mengyuan Zhang, Alaa Oqaily, Gagandeep Singh Chawla, Lingyu Wang, Makan Pourzandi, and Mourad Debbabi, “Modeling NFV Deployment to Identify the Cross-level Inconsistency Vulnerabilities,” IEEE International Conference on Cloud Computing Technology and Science (CloudCom ‘19), Sydney, Australia, Dec. 11-13, 2019. [author copy]
Momen Oqaily, Yosr Jarraya, Mengyuan Zhang, Lingyu Wang, Makan Pourzandi, and Mourad Debbabi, “iCAT: An Interactive Customizable Anonymization Tool,” European Symposium on Research in Computer Security (ESORICS ‘19), Luxembourg, Sep. 23-27, 2019. [author copy]
Mengyuan Zhang, Yue Xin, Lingyu Wang, Sushil Jajodia, and Anoop Singhal, “CASFinder: Detecting Common Attack Surface,” IFIP Annual Conference on Data and Applications Security and Privacy (DBSec ‘19), Charleston, SC, USA, July 15-17, 2019 (Best Paper Award). [author copy]
Taous Madi, Mengyuan Zhang, Yosr Jarraya, Amir Alimohammadifar, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi, “QuantiC: Distance Metrics for Evaluating Multi-tenancy Threats in Public Cloud,” IEEE International Conference on Cloud Computing Technology and Science (CloudCom ‘18), Nicosia, Cyprus, Dec. 10-13, 2018. [author copy]
Onur Duman, Mengyuan Zhang, Lingyu Wang, Mourad Debbabi, “Measuring the Security Posture of IEC 61850 Substations with Redundancy Against Zero Day Attacks,” IEEE International Conference on Smart Grid Communications (SmartGridComm ‘17), Dresden, Germany, Oct. 23-26, 2017. [author copy]
Lingyu Wang, Mengyuan Zhang, Sushil Jajodia, Anoop Singhal, Massimiliano Albanese, “Modeling Network Diversity for Evaluating the Robustness of Networks against Zero-Day Attacks,” European Symposium on Research in Computer Security (ESORICS ‘14), Wroclaw, Poland, Sep. 7-11, 2014. [author copy]

Journal articles

Junjian Ye, Xavier de Carné de Carnavalet Lianying Zhao, Mengyuan Zhang, Lifa Wu, Wei Zhang, “Exposed by Default: A Security Analysis of Home Router Default Settings and Beyond,” IEEE Internet of Things Journal (IEEE IoT-J), vol. 12, no. 2, Jan. 2025, pp. 1182-1199. [author copy]
Junjian Ye, Xincheng Fei, Xavier de Carné de Carnavalet, Lianying Zhao, Lifa Wu, Mengyuan Zhang, “Detecting Command Injection Vulnerabilities in Linux-Based Embedded Firmware with LLM-based Taint Analysis of Library Functions,” Elsevier Computers & Security, 144, 103971, September 2024. [author copy]
Sudershan Lakshmanan, Mengyuan Zhang, Suryadipta Majumdar, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, “Caught-in-Translation (CiT): Detecting Cross-level Inconsistency Attacks in Network Functions Virtualization (NFV)”, IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 21, no. 4, July-Aug. 2024, pp. 2964-2981. [author copy]
Momen Oqaily, Mohammad Ekramul Kabir, Suryadipta Majumdar, Yosr Jarraya, Mengyuan Zhang, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi, “iCAT+: An Interactive Customizable Anonymization Tool Using Automated Translation Through Deep Learning”, IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 21, no. 4, July-Aug. 2024, pp. 2799-2817. [author copy]
Onur Duman, Mengyuan Zhang, Lingyu Wang, Mourad Debbabi, Ribal Atallah, Bernard Lebel, “Factor of Security (FoS): Quantifying the Security Effectiveness of Redundant Smart Grid Subsystems,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 19, no. 2, March-April 2022, pp. 1018-1035. [author copy]
Gagandeep Singh Chawla, Mengyuan Zhang, Suryadipta Majumdar, Yosr Jarraya, Makan Pourzandi, Lingyu Wang, and Mourad Debbabi, “VMGuard: State-based Proactive Verification of Virtual Network Isolation with Application to NFV,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 18, no. 4, July-Aug. 2021, pp. 1553-1567. [author copy]
Mengyuan Zhang, Xavier de Carné de Carnavalet, Lingyu Wang, Ahmed Ragab, “Large-Scale Empirical Study of Important Features Indicative of Discovered Vulnerabilities to Assess Application Security,” IEEE Transactions on Information Forensics and Security (TIFS), vol. 14, no. 9, Sep. 2019, pages 2315-2330. [author copy]
Mina Khalili, Mengyuan Zhang, Daniel Borbor, Lingyu Wang, Nicandro Scarabeo, Michel-Ange Zamor, “Monitoring and Improving Managed Security Services inside a Security Operation Center,” EAI Endorsed Transactions on Security and Safety, Vol. 5, No. 18, Jan. 2019. [author copy]
Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, “Network Attack Surface: Lifting the Concept of Attack Surface to the Network Level for Evaluating Networks’ Resilience against Zero-Day Attacks,” IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 18, no. 1, Dec. 2018, pages 310-324. [author copy]
Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, Massimiliano Albanese, “Network Diversity: A Security Metric for Evaluating the Resilience of Networks against Zero-Day Attacks,” IEEE Transactions on Information Forensics and Security (TIFS), vol. 11, no. 5, Jan. 2016, pages 1071-1086. [author copy]

Book Chapters and Encyclopedia

Mengyuan Zhang (2023). Network Diversity. In: Jajodia, S., Samarati, P., Yung, M. (eds) Encyclopedia of Cryptography, Security and Privacy. Springer, Berlin, Heidelberg.
Lingyu Wang, Mengyuan Zhang, Anoop Singhal, “Network Security Metrics: From Known Vulnerabilities to Zero Day Attacks,” in From Database to Cyber Security, Pierangela Samarati, Indrajit Ray, Indrakshi Ray, editors, Springer, 2018
Mengyuan Zhang, Lingyu Wang, Sushil Jajodia, Anoop Singhal, “Evaluating the network diversity of networks against zero-day attacks,” in Network Security Metrics, Lingyu Wang, Sushil Jajodia, Anoop Singhal, editors, Springer, 2017

Patents

“Caught-in-Translation (CiT): A Novel System for Translation-based Real-time Inconsistency Detection in NFV”, Filed Patent
“Utility optimized differential privacy system”, Filed Patent, Application number: 17610795
“Microservice Profiling in Containerized Environments for Data Driven Approaches,”, Filed Patent, Publication number: WO2021105905A1
“Data Anonymization Views,” Filed Patent, Publication number: WO2020222140A1
“Utility Optimized Differential Privacy System,” Filed Patent, Publication number: WO2020230061A1
Taous Madi, Mengyuan Zhang, Yosr Jarraya, Makan Pourzandi, Lingyu Wang and Mourad Debbabi, “Apparatus and Method for Evaluating Multiple Aspects of the Security for Virtualized Infrastructure in a Cloud Environment,” publication number: US2021152572A1