Ziming Zhao

Associate Professor

Khoury College of Computer Sciences

Northeastern University

z.zhao AT northeastern.edu

I am an associate professor in the Khoury College of Computer Sciences at Northeastern University. I direct the CyberspACe securiTy and forensIcs lab (CactiLab). My research interests are in Systems and Software Security, Network and Web Security, and Human-centric Security. I am a recipient of the Test-of-Time Paper Award at SACMAT 2024 and Best/Distinguished Paper Awards at USENIX Security 2019, ACM AsiaCCS 2022, ACM CODASPY 2014, and ITU Kaleidoscope 2016. I earned my PhD in Computer Science from Arizona State University, and before that, I completed my bachelor’s and master’s degrees at Beijing University of Posts and Telecommunications.

My research has been supported by the National Science Foundation (NSF), the National Centers of Academic Excellence in Cybersecurity (NCAE-C), the Department of Defense (DoD), two Amazon Research Awards, and gifts from Octavo Systems. I am a recipient of an NSF CAREER award and an NSF CRII award. I was a visiting faculty at the Air Force Office of Scientific Research (AFOSR) in 2020/2021.

I am the faculty advisor and the founder of the CTF teams Cacti (all kinds of CTFs) and TigerBytes (hardware CTFs).

I have multiple RA openings starting Fall 2026. See my ads.

Selected Publications

For the full list of publications, please refer to CactiLab Website.

Last updated 11/2025

  • "We just went with what seemed the best supported": Lessons on Cryptographic Practices in Securing Microcontrollers from Embedded CTFs  
    Zheyuan Ma, Gaoxiang Liu, Alex Eastman, Md Armanuzzaman, Xi Tan, and Ziming Zhao
    ACM Conference on Computer and Communications Security (CCS), 2026

  • "We just did not have that on the embedded system": Insights and Challenges for Securing Microcontroller Systems from the Embedded CTF Competitions  
    Zheyuan Ma, Gaoxiang Liu, Alex Eastman, Kai Kaufman, Md Armanuzzaman, Xi Tan, Katherine Jesse, Robert Walls, and Ziming Zhao
    ACM Conference on Computer and Communications Security (CCS), 2025

  • 5G-RNAKA: A Random Number-based Authentication and Key Agreement Protocol for 5G Systems  
    Hui Li, Haotian Li, Chi Ma, Jingjing Guan, Junchi Zeng, Haonan Feng, and Ziming Zhao
    ACM Conference on Computer and Communications Security (CCS), 2025

  • Defending Against Membership Inference Attacks on Iteratively Pruned Deep Neural Networks  
    Jing Shang, Jian Wang, Kailun Wang, Jiqiang Liu, Nan Jiang, MD Armanuzzaman, Ziming Zhao
    Network and Distributed System Security Symposium (NDSS), 2025

  • Rethinking Membership Inference Attacks Against Transfer Learning  
    Cong Wu, Jing Chen, Qianru Fang, Kun He, Ziming Zhao, Hao Ren, Guowen Xu, Yang Liu, and Yang Xiang
    IEEE Transactions on Information Forensics and Security (TIFS), 2024

  • TokenScout: Early Detection of Ethereum Scam Tokens via Temporal Graph Learning  
    Cong Wu, Jing Chen, Ziming Zhao, Kun He, Guowen Xu, Yueming Wu, Haijun Wang, Hongwei Li, Yang Liu, Yang Xiang
    ACM Conference on Computer and Communications Security (CCS), 2024

  • Unveiling IoT Security in Reality: A Firmware-Centric Journey  
    Nicolas Nino, Ruibo Lu, Wei Zhou, Kyu Hyung Lee, Ziming Zhao, Le Guan
    USENIX Security Symposium (SECURITY), 2024

  • Moderating Illicit Online Image Promotion for Unsafe User Generated Content Games Using Large Vision Language Models  
    Keyan Guo, Ayush Utkarsh, Wenbo Ding, Isabelle Ondracek, Ziming Zhao, Guo Freeman, Nishant Vishwamitra, and Hongxin Hu
    USENIX Security Symposium (SECURITY), 2024

  • InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System  
    Yujie Wang, Cailani Lemieux Mack, Xi Tan, Ning Zhang, Ziming Zhao, Sanjoy Baruah, and Bryan C. Ward
    IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2024

  • Where’s the "up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems  
    Xi Tan, Zheyuan Ma, Sandro Pinto, Le Guan, Ning Zhang, Jun Xu, Zhiqiang Lin, Hongxin Hu, and Ziming Zhao
    USENIX WOOT Conference on Offensive Technologies (WOOT), 2024

  • Building Your Own Trusted Execution Environments Using FPGA  
    Md Armanuzzaman, Ahmad-Reza Sadeghi, Ziming Zhao
    ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2024

  • Moderating New Waves of Online Hate with Chain-of-Thought Reasoning in Large Language Models  
    Nishant Vishwamitra, Keyan Guo, Farhan Tajwar Romit, Isabelle Ondracek, Long Cheng, Ziming Zhao and Hongxin Hu
    IEEE Symposium on Security and Privacy (Oakland), 2024

  • SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems  
    Xi Tan and Ziming Zhao
    ACM Conference on Computer and Communications Security (CCS), 2023

  • Return-to-Non-Secure Vulnerabilities on ARM Cortex-M TrustZone: Attack and Defense  
    Zheyuan Ma, Xi Tan, Lukasz Ziarek, Ning Zhang, Hongxin Hu and Ziming Zhao
    ACM/IEEE Design Automation Conference (DAC), 2023

  • xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses  
    Feng Wei, Hongda Li, Ziming Zhao, Hongxin Hu
    USENIX Security Symposium (SECURITY), 2023

  • EchoHand: High Accuracy and Presentation Attack Resistant Hand Authentication on Commodity Mobile Devices  
    Cong Wu, Jing Chen, Kun He, Ziming Zhao, Ruiying Du, and Chen Zhang
    ACM Conference on Computer and Communications Security (CCS), 2022

  • Understanding and Detecting Remote Infection on Linux-based IoT Devices  
    Hongda Li, Qiqing Huang, Fei Ding, Hongxin Hu, Long Cheng, Guofei Gu, Ziming Zhao
    ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2022 (Best Paper Award)

  • A Formal Analysis of the FIDO UAF Protocol  
    Haonan Feng, Hui Li, Xuesong Pan, Ziming Zhao
    Network and Distributed System Security Symposium (NDSS), 2021

  • Having Your Cake and Eating It: An Analysis of Concession-Abuse-as-a-Service  
    Zhibo Sun, Adam Oest, Penghui Zhang, Carlos Rubio-Medrano, Tiffany Bao, Ruoyu Wang, Ziming Zhao, Yan Shoshitaishvili, Adam Doupe, and Gail-Joon Ahn
    USENIX Security Symposium (SECURITY), 2021

  • SmokeBomb: Effective Mitigation Against Cache Side-channel Attacks on the ARM Architecture  
    Haehyun Cho, Jinbum Park, Donguk Kim, Ziming Zhao, Yan Shoshitaishvili, Adam Doupe, Gail-Joon Ahn
    ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2020

  • Liveness is Not Enough: Enhancing Fingerprint Authentication with Behavioral Biometrics to Defeat Puppet Attacks  
    Cong Wu, Kun He, Jing Chen, Ziming Zhao, Ruiying Du
    USENIX Security Symposium (SECURITY), 2020

  • DANdroid: A Multi-View Discriminative Adversarial Network for Obfuscated Android Malware Detection  
    Stuart Millar, Niall McLaughlin, Jesus Martinez del Rincon, Paul Miller, Ziming Zhao
    ACM Conference on Data and Application Security and Privacy (CODASPY), 2020

  • Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues  
    Faris Bugra Kokulu, Ananta Soneji, Tiffany Bao, Yan Shoshitaishvili, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    ACM Conference on Computer and Communications Security (CCS), 2019

  • Users Really Do Answer Telephone Scams  
    Huahong Tu, Adam Doupé, Ziming Zhao, and Gail-Joon Ahn
    USENIX Security Symposium (SECURITY), 2019 (Distinguished Paper Award)

  • Wi Not Calling: Practical Privacy and Availability Attacks in Wi-Fi Calling  
    Jaejong Baek, Sukwha Kyung, Haehyun Cho, Ziming Zhao, Adam Doupé, Yan Shoshitaishvili, and Gail-Joon Ahn
    Annual Computer Security Applications Conference (ACSAC), 2018

  • Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone  
    Haehyun Cho, Penghui Zhang, Donguk Kim, Jinbum Park, Choonghoon Lee, Ziming Zhao, Adam Doupé, and Gail-Joon Ahn
    Annual Computer Security Applications Conference (ACSAC), 2018

  • AIM-SDN: Attacking Information Mismanagement in SDN-datastores
    Vaibhav Hemant Dixit, Adam Doupé, Yan Shoshitaishvili, Ziming Zhao and Gail-Joon Ahn
    ACM Conference on Computer and Communications Security (CCS), 2018

  • A Game Theoretic Approach in Strategy Generation for Moving Target Defense in Web Applications  
    Sailik Sengupta, Satya Gautam Vadlamudi, Subbarao Kambhampati, Adam Doupe, Marthony Taguinod, Ziming Zhao and Gail-Joon Ahn
    16th International Conference on Autonomous Agents and Multiagent Systems (AAMAS), 2017

  • On the Safety and Efficiency of Virtual Firewall Elasticity Control  
    Juan Deng, Hongda Li, Hongxin Hu, Kuang-Ching Wang, Gail-Joon Ahn, Ziming Zhao and Wonkyu Han
    24th Network and Distributed System Security Symposium (NDSS), 2017

  • SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephony Spam  
    Huahong Tu, Adam Doupé, Ziming Zhao and Gail-Joon Ahn
    37th IEEE Symposium on Security and Privacy (Oakland), 2016

  • Game Theoretic Analysis of Multiparty Access Control in Online Social Networks  
    Hongxin Hu, Gail-Joon Ahn, Ziming Zhao and Dejun Yang
    ACM Symposium on Access Control Models and Technologies (SACMAT), 2014 (Test of Time Award in SACMAT 2024)

  • On the Security of Picture Gesture Authentication   
    Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo and Hongxin Hu
    22nd USENIX Security Symposium (SECURITY), 2013