No.128, Zhongguancun North Street, Haidian District, Beijing, P.R. China, 100080

email:hanxinhui (at) pku.edu.cn

Research Interests

· Malware Detection and Prevention

· Network Security Monitoring

· Vulnerability Analysis and Utilization

Education

· Beijing University （PKU）

B.S., Basic Mathematics, 1991

· Beijing Normal University （BNU）

M.S., applied mathematics, 1994

· Beijing Normal University （BNU）

Ph.D., Computer Applied Technology

Working Experience

·Peking University (PKU)

Senior Engineer, Institute of Computer Science and Technology, 2007–Now

· Peking University (PKU)

Assistant Researcher, Institute of Computer Science and Technology, 1996–200

Selected Publications

(1) DING Yu, Tao Wei, XUE Hui, ZHANG Yulong, ZHANG Chao, HAN Xinhui(*), Accurate and efficient exploit capture and classification, Science China Information Sciences60(5), 052110 (2017) 10.1007/s11432-016-5521-0

(2) Zhang Huilin, Ding Yu, Zhang Lihua, Duan Lei, Zhang Chao, Wei Tao, Li Guancheng, Han Xinhui (*), SQL Injection Prevention Based on Sensitive Character, Journal of Computer Research and Development, 2016.10.15, （10）：2262~2276

(3) HAN Xinhui, DING Yijing,WANG Dongqi,LI Tongxin,YE Zhiyuan, Android malicious AD threat analysis and detection techniques, Journal of Tsinghua University (Science and Technology), 2016.5.15, （05）：468~477

4. （01）：58~65

(5) HAN Xinhui,WANG Dongqi, CHEN Zhaofeng, ZHANG Huilin, Study of a Protection Method of Sensitive Dataof Web Servers in the Cloud, Journal of Tsinghua University (Science and Technology), 2016.1.15, （01）：51~57+65

(6) Yangyi Chen , Tongxin Li , XiaoFeng Wang, Kai Chen, Xinhui Han, Perplexed Messengers from the Cloud: Automated Security Analysis of Push-Messaging Integrations, 22nd ACM SIGSAC Conference on Computer and Communications Security（CCS2015）, Denver, Colorado,USA, 2015.10.12-2015.10.16

(7) Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao, Shi-Min Hu, Xinhui Han, Cracking App Isolation on Apple: Unauthorized Cross-App Resource Access on MAC OS X and iOS, 22nd ACM SIGSAC Conference on Computer and Communications Security（CCS2015）, Denver, Colorado, USA, 2015.10.12-2015.10.16

(8) Bingshuang Liu, Jun Li, Tao Wei, Skyler Berg, Jiayi Ye, Chen Li, Chao Zhang, Jianyu Zhang, Xinhui Han(*), SF-DRDoS: The store-and-flood distributed reflective denial of service attack, Computer Communications, 2015.9.15, 69：10,7~115

(9) Yu Ding, Liang Guo, Chao Zhang, Yulong Zhang, Hui Xue, Tao Wei, Yuan Zhou, Xinhui Han,Poster: Classifying Downloaders 36th IEEE Symposium on Security and Privacy (S&P), San Jose, California at The Fairmont,United States, 2015.5.18-2015.5.20

(10) Chen Li, Yu Ding, Tongxin Li, Jun Li, Xinhui Han,Poster: SIPD: a practical SDN-based IP spoofing defense method, 2016 Network and Distributed System Security (NDSS), San Diego, California, USA, 2015.2.8-2015.2.11

(11) Dongqi Wang, Shuaifu Dai, Yu Ding, Tongxin Li, Xinhui Han,Poster:AdHoneyDroid–Capture Malicious Android Advertisements, 22nd ACM Conference on Computer and Communications Security(CCS2014), Scottsdale, Arizona, USA, 2014.11.3-2014.11.7

(12) Tongxin Li, Xiaoyong Zhou, Luyi Xing, Yeonjoon Lee, Muhammad Naveed, XiaoFeng Wang, Xinhui Han, Mayhem in the Push Clouds: Understanding and Mitigating Security Hazards in Mobile Push-Messaging Services, 21st ACM Conference on Computer and Communications Security(CCS2014), Scottsdale,Arizona, USA , 2014.12.3-2014.12.7

(13) Jiayi Ye, Chao Zhang, Xinhui Han,Poster:UAFChecker:Scalable Static Detection of Use-After-Free Vulnerabilities, 21st ACM Conference on Computer and Communications Security(CCS2014), Scottsdale, Arizona, USA, 2014.11.3-2014.11.7

(14) Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han,PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP, 23rd USENIX Security Symposium(USENIX Security14), San Diego,CA,USA, 2014.8.20-2014.8.22

(15) LIU Bing-Shuang, WEI Tao, ZOU Wei, ZHANG Jian-Yu,ZHOU Yuan, HAN Xin-Hui(*), Study on Behavior of Malciious Index Nodes in KAD, Chinese Journal of Computer, 2014.5.1, 37（5）：1124~1134

(16) HAN Xinhui, XIAO Xiangquan, ZHANG Jianyu, LIU Binshuang, ZHANG Yuan, Sybil defenses in DHT networks based on social relationships, Journal of Tsinghua University (Science and Technology), 2014.1.1, 54（1）：1~7

(17) YAO Ru-hao, LIU Bing-shuang, QU De-shuai, ZHOU Yuan, HAN Xin-hui(*), Smart-blacklisting: an efficient methodology for mitigating fake block attack in P2P file-sharing systems, Journal on Communications, 2013.8.1, 34（8）：88~94

(18) ZHANG Hui-Lin, ZOU Wei, HAN Xin-Hui(*), Drive-by-Download Mechanisms and Defenses, Journal of Software,2013.4.1, 24（4）：843~858

(19) YANG Guang-liang, GONG Xiao-rui, YAO Gang, HAN Xin-hui (*), A Privacy Leakage Detection System for Android, Computer Engineering, 2012.12.1, 38（23）：1~6

(20) Cong Zheng, Shixiong Zhu, Shuaifu Dai, Guofei Gu, Xiaorui Gong, Xinhui Han, Wei Zou, SmartDroid-an Automatic System for Revealing UI-based Trigger Conditions in Android Applications, SPSM2012, Raleigh, North Carolina, USA., 2012.10.19-2012.10.19

(21) Kevin Zhijie Chen, Guofei Gu, Jianwei Zhuge, Jose Nazario, Xinhui Han(*),WebPatrol : Automated Collection and Replay of web-based malware scenarios,ASIACCS 2011, Hong Kong, 2011.3.22-2011.3.24

(22) HAN Xinhui, GONG Xiaorui , ZHUGE Jianwei,ZOU Lei, ZOU Wei, Detection of drive-by downloads based on the frequent embedded subtree pattern-mining algorithm, Journal of Tsinghua University (Science and Technology), 2011.10.1, 51（10）：1312~1317

Patents

(1) Han Xinhui, Zheng Cong, Gong Xiaorui, Zhu Shixiong, An Automated Detection Method for Android Malware, 2015.9.23, CN201110445091.6

(2) Gong Xiaorui, Yang Guangliang, Han Xinhui, Zou Wei, A Directed Symbolic Execution Analysis Technology for Mobile Apps, 2015.5.13, CN201210200544.3

(3) Han Xinhui, Zhang Huilin, Gong Xiaorui, Zou Wei, Wei Tao, A Method for Detecting Botnets Based on Active Detection, 2015.3.4, CN201210003559.0

(4) Zhong Jinhui, Han Xinhui, Guo Jinpeng, Zhuge Jianwei, Song Chengyu, Gong Xiaorui, A Method for Trojan Detection Based on ActiveX Component Simulation, 2012.8.22, CN201010124674.4

(5) Zhuge Jianwei, Chen Zhijie, Han Xinhui, Gong Xiaorui, Song Chengyu, A Method for Heap Spray Detection Based on Dynamic Instrumentation of Intermediate Instructions, 2011.7.27, CN200910242714.2

(6) Han Xinhui, Wei Tao, Zhuge Jianwei, Zou Wei, Ye Zhiyuan, You Hongyu, Zhang Xinggong, Liang Zhiyin, A Method and Apparatus for Redirecting Network Communication, 2009.3.11, CN200610113380.5

(7) Zhou Yangrong, Han Xinhui, Zhang Xinggong, Lu Tengfei, Zou Wei, A Method for Detecting Hidden Malware on Windows, 2009.6.24, CN200710304083.3

Fundings（selected）

(1) a High-performance Gateway Project for Security Isolation and Information Exchange Based on Dual Stack Protocol (IPV6/IPV4), Co-PI, 2013.06-2016.06, RMB 8,000,000, National Development and Reform Commission Information Security Program

(2) Design and Verification of Personal Information Protection Standard in Information System, Co-PI, 2013.12-2016.06, RMB 4,000,000, National Development and Reform Commission Information Security Program

(3) Transverse Project, Vulnerability Testing and Analysis on Domestic Operating System, PI, 2012.11-2013.03, RMB 100,000

(4) Research on Trojan Scanning and Removal Based on Active Detection, PI, 2012.3-2013.3, RMB 600,000, National “242” Information Security Program

(5) Research on Protecting Smart Grid, PI, 2012.01-2013.12, RMB 500,0000, Transverse Project (State Grid)

(6) Research on Detecting Malicious Behaviors and Privacy Leakage in Mobile Apps, PI , 2011.12-2012.12, Co-PI, RMB 500,000, Beijing Municipal Science and Technology Commission Program

(7) Research on Integrity Verification for Outsourcing Storage , Co-PI, 2012.01-2015.12, RMB 590,000, National Natural Science Foundation of China(NSFC)

(8) A Threat Monitoring Service Platform for Mobile Network Based on Cloud Computing, Co-PI, 2010.07-2012.06, RMB 8,000,000, National Development and Reform Commission Information Security Program

(9) Mechanism Analysis and Detection Methods of Drive-by Download Exploits, Co-PI, 2011.01-2013.12, RMB 180,000, National Natural Science Foundation of China(NSFC) Peking University (PKU)