Short Biography
Xiao Fu is currently an associate professor in the Software Institute at Nanjing University. Dr. Fu received her B.E., M.S. and Ph.D. degrees from Nanjing University, China in 2002, 2005 and 2010, respectively, all in the Department of Computer Science and Technology. Her research interests are network security, digital investigation, AI, big data, cloud computing, internet of things, wireless network.
研究兴趣:网络安全、数字取证、人工智能、大数据、云计算、物联网、无线网络。
Recruitment (招生)
面向2025年计划招生若干名博士生、直博生、学术硕士生、专业硕士生。
欢迎参加2025年考研进入南大软院的同学申请加盟我的研究组。
欢迎申请2025年保研计划的同学,请即时关注我院主页发布的报名方式。
欢迎有兴趣的本科生加盟我的研究组,提前体验科研工作。
欢迎有兴趣的同学给我邮件。
Teaching
● Software Security. Regular course for postgraduatesand undergraduates, 2022 - 2024.
● Database: principles, programming, and performance. Regular course for undergraduates, 2019 - 2021.
● Data Structure. Regular course for undergraduates, 2010 - 2018.
Research
Selected Publication
● Runfeng Lu, Yuzhu Sun, Haofeng Sun, Xiao Fu, Bin Luo, Xiaojiang Du, Jin Shi, Nadjib Aitsaadi and Mohsen Guizani, GeneDroid Fuzz: An Android Intent Fuzzing Method Based on Gene Mutation, GLOBECOM 2024.
● Wenzheng Zhang, Boxi Chen, Xiao Fu, Qing Gu, Jin Shi, Xiaojiang Du, Xiaoyang Zhou, A Privacy Preserving Method for IoT Forensics, GLOBECOM 2024.
● Zhiqiang Hao, Chuanyi Li, Xiao Fu, Bin Luo and Xiaojiang Du, Leveraging Hierarchies: HMCAT for Efficiently Mapping CTI to Attack Techniques, ESORICS 2024.
● Yaqing Zhang, Xiao Fu, Bin Luo, Xiaojiang Du and Mohsen Guizani, A blockchain based crowdsourcing digital forensics platform for complex IoT environment, IEEE ICC 2024.
● Yihao Jin, Xuanyu Liu, Xiao Fu, Bin Luo, Xiaojiang Du and Mohsen Guizani, Convolutional Neural Network Based Classification of WEECHAT Mini-Apps, IEEE ICC 2023.
● Ruiqing Chu, Xuanyu Liu, Xiao Fu, Bin Luo, Xiaojiang Du and Mohsen Guizani, Credibility Management of Cloud-based Digital Forensic Data A Decentralized Verification Mechanism, IEEE Cloudnet 2023.
● Xuanyu Liu, Xiao Fu*, Xiaojiang Du, Bin Luo and Mohsen Guizani, Machine Learning Based Non-intrusive Digital Forensic Service for Smart Homes, IEEE Transactions on Network and Service Management, 2023, 20(2): 945-960.
● Yuzhu Sun, Xuanyu Liu, Tianchi Wu, Xiao Fu, Bin Luo, Xiaojiang Du and Mohsen Guizani, Using Cloud Computing Based Crowdsourcing for Security and Privacy Settings of Android Users, IEEE GLOBECOM 2022.
● Xuanyu Liu, Ang Li, Xiao Fu*, Bin Luo, Xiaojiang Du and Mohsen Guizani, Understanding Digital Forensic Characteristics of Smart Speaker Ecosystems, IEEE GLOBECOM 2021, Madrid, Spain, December 2021.
● Shiwen Song, Xuanyu Liu, Xiao Fu*, Bin Luo, Xiaojiang Du and Mohsen Guizani, Visible Forensic Investigation for Android Applications by Using Attack Scenario Reconstruction, IEEE GLOBECOM 2021, Madrid, Spain, December 2021.
● Xuanyu Liu, Qiang Zeng, Xiaojiang Du, Siva Likitha Valluru , Chenglong Fu, Xiao Fu* and Bin Luo, SniffMislead: Non-Intrusive Privacy Protection against Wireless Packet Sniffers in Smart Homes, RAID 2021, Donostia/San Sebastian, Spain, October 2021.
● Li Lin, Xuanyu Liu, Xiao Fu*, Bin Luo, Xiaojiang Du and Mohsen Guizani, A Non-Intrusive Method for Smart Speaker Forensics, IEEE ICC 2021, Montreal, Canada, June 2021.
● Yuzhe Chen, Xiao Fu*, Bin Luo, Xiaojiang Du and Mohsen Guizani, Cloud Storage Forensics BaiduNetDisk WeiYun and 115yun on a Wireless Network, in Proc. of GLOBECOM 2020, Taiwan, China, December 2020.
● Yun Luo, Xiao Fu*, Bin Luo, Xiaojiang Du and Mohsen Guizani, Forensic Model for DDoS Attack, in Proc. of IEEE GLOBECOM 2020,Taiwan,China, December 2020.
● Fei Ye, Yunzhi Zheng, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizan, TamForen: A Tamper-Proof Cloud Forensic Framework, accepted by Transactions on Emerging Telecommunications Technologies.
● Meng Chen, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizani, Cloud Database Encryption Technology Based on Combinatorial Encryption. Globecom 2019.
● Xiaoyu Ma, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizani, A Design of Firewall Based on Feedback of Intrusion Detection System in Cloud Environmen. Globecom 2019.
● Sixian Sun, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizani, Detecting and Preventing ARP Attack in SDN-Based Cloud Environment. Infocom 2020 workshop.
● Xuanyu Liu, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizani, Monitoring User-Intent of Cloud-based Networked Applications in Cognitive Networks. Globecom 2018.
● Xiao Fu*, Rui Yang, Xiaojiang Du, Bin Luo, Mohsen Guizan,.Timing Channel in IaaS:How to Identify and Investigate. IEEE Access, 7:1-11, 2018.
● Sixian Sun, Xiao Fu*, Hao Ruan, Xiaojiang Du, Bin Luo, Mohsen Guizan, Real-time Behavior Analysis and Identification for Android Applications. IEEE Access, 6: 38041 – 38051, 2018.
● Xuanyu Liu, Xiao Fu*, Bin Luo, Xiaojiang Du. Distributed Cloud Forensic System with Decentralization and Multi-participation. Eai International Wireless Internet Conference. 2017
● Jiayun Xie, Xiao Fu*, Xiaojiang Du, Bin Luo.AutoPatchDroid: a framework for patching inter-app vulnerablities in android application. ICC 2017.
● Xie Jiayun, Fu Xiao*, Luo Bin.Survey on android protection mechanism(in Chinese) [J].Computer Engineering, 2018, 44 (2): 163-170,176.
● Hao Ruan, Xiao Fu*, Xiaojiang Du, Bin Luo. Analyzing Android Application in Real-Time at Kernel Level. ICCCN 2017.
● Rui Yang, Xiao Fu*, Xiaojiang Du, Bin Luo. Investigating Timing-based Side Channel Attacks in IaaS. Mobimedia 2016.
● Yingxin Cheng, Xiao Fu*, Xiaojiang Du, Bin Luo, Mohsen Guizani. A Lightweight Live Memory Forensic Approach Based on Hardware Virtualization. Information Sciences, 2017, 379(2): 23-41.
● Ziqi Wang, Rui Yang, Xiao Fu*, Xiaojiang Du, Bin Luo. A Shared Memory based Cross-VM Side Channel Attacks in IaaS Cloud. InfoCom 2016 workshop.
● Xiao Fu*, Yun Gao, Bin Luo, Xiaojiang Du, Mohsen Guizani. Security Threats to Hadoop: Data Leakage Attacks and How to Investigate Them. IEEE Network, 2017, 31(2): 67-71.
● Xiao Fu, Xiaojiang Du*, Bin Luo*. Data correlation-based analysis methods for automatic memory forensic. Security and Communication Networks. Volume 8, Issue 18, 4213-4226, December 2015.
● Yun Gao, Xiao Fu*, Bin Luo, Xiaojiang Du, Mohsen Guizani. Haddle: a framework for investigating data leakage attacks in Hadoop. Globalcom 2015.
● Gao Yun, Fu Xiao*, Luo Bin, A Survey of Cloud Forensics (in Chinese) [J]. Application Research of Computers. Volume 33, Issue1,1-6, January 2016.
● Xiao Fu, Xiaojiang Du, Bin Luo, Jin Shi, Yuhua Wang and Zhitao Guan. Correlating Processes for Automatic Memory Evidences Analysis. InfoCom 2015 workshop.
● Yiheng Duan, Xiao Fu*, Bin Luo, Ziqi Wang, Jin Shi, Xiaojiang Du. Detective: Automatically Identify and Analyze Malware Processes in Forensic Scenarios via Dynamic-Link Libraries. ICC 2015, London, UK, June 8-12, 2015.
● Li Junxiao, Fu Xiao*, Luo Bin, Xie Jiayun. A Survey on Android Malware and Detection Techniques (in Chinese) [J], Accepted, will be published in Application Research of Computers, 2015.
● Yingxin Cheng, Xiao Fu*, Bin Luo, Rui Yang, and Hao Ruan. Investigating the Hooking Behavior: A page-level Memory Monitoring Method for Live Forensics. ISC 2014, Hongkong, China, Oct 12-14, 2014.
● Qian Qin,Zhang Jian, Zhang Kun, Fu Xiao*,Mao Bing. Technical Study of Reducing Redundant Data for Intrusion Detection and Intrusion Forensics (in Chinese)[J], Computer Science, 2014,41(11A):252-258.
● Qian Qin, Dong Buyun, Tangzhe, Fu Xiao*, Mao Bing. Study on the Situation and Development of Memory Forensics (in Chinese) [J], Computer Engineering, 2014,40(8):95-102.
● Ji Yuchen, Fu Xiao*, Shi Jin, Zhao Zhihong, Luo Bin. Study on Event Reconstruction of Computer Intrusion Forensic (in Chinese) [J], Computer Engineering, 2014,40(1):315-321.
● Jian Zhang, Fu Xiao *, Bin Luo, Zhi-Hong Zhao and Xiaojiang Du. A Method to Automatically Filter Log Evidences for Intrusion Forensics, ICDCS 2013 workshop, Philadelphia, USA, July 8-11, 2013.
● Dong Buyun, Fang Pei, Fu Xiao*, Luo Bin, Zhao Zhihong. Design and Implementation of HDFS over Infiniband with RDMA, 11th International Conference on Wired/Wireless Internet Communications, St.Petersburg,Russia, June 5-7, 2013.
● Fu Xiao, Shi Jin, Xie Li. Layered Intrusion Scenario Reconstruction Method for Automated Evidence Analysis (in Chinese)[J], Journal of Software, 2011, 22(5): 996-1008.
● Fu Xiao, Xie Li. Filtering Intrusion Forensic Data Based on Attack Signatures, Journal of Computer Research and Development (in Chinese)[J], 2011,48(6): 964-973.
● Fu Xiao, Shi Jin, Xie Li. A Novel Data Mining-Based Method for Alert Reduction and Analysis, Journal of Network, 2010, 5(1):88-97.
● Fu Xiao, Xie Li. Security Alert Correlation: A Survey, Computer Science (in Chinese)[J], 2010,37(5):9-14.
● Fu Xiao, Cai Shengwen, Xie Li. Survey of Network Security Management (in Chinese)[J], Computer Science, 2009,36(2):15-19.
● Fu Xiao, Xie Li. ODARM: A Outlier Detection-based Alert Reduction Model. In: ABM Shawkat Ali and Yang Xiang. Dynamic and Advanced Data Mining for Progressing Technological Development: Innovations and Systemic Approaches, USA: IGI Global, November 2009.
● Fu Xiao, Xie Li. Using Outlier Detection to Reduce False Positives in Intrusion Detection, IEEE International Conference on Network and System Security, Shanghai, China, Oct. 18-20, 2008.
Patent
● 伏晓,陆润风,孙雨竹,孙浩峰,骆斌。一种基于基因突变的Android Intent模糊测试方法及装置;申请号或专利号:202411257093.6
● 伏晓、张文正、顾庆、石进。一种基于多用户数据溯源图的保隐私物联网取证方法;申请号或专利号:202410387042.9
● 伏晓,褚瑞晴,骆斌。基于云存储的数字取证可信性验证方法及系统;申请号或专利号:202410083593.6
● 伏晓,郝志强,骆斌。一种基于层次感知的网络安全情报映射系统及其方法;申请号或专利号:202410083609.3
● 伏晓,郝志强,徐昊,杨毅,骆斌。一种基于图形识别与量化指标的股票交易推荐系统及方法;申请号或专利号:202311196783.0
● 伏晓,傅晓航,骆斌。一种基于社交网络的博彩账号检测方法;申请号或专利号:202311196787.9
● 伏晓、张雅晴、骆斌。用于复杂物联网环境的基于区块链的众包数字取证平台;申请号或专利号:202311204332.7
●伏晓,孙雨竹,骆斌。基于众包的Android用户安全和隐私设置系统及方法;申请号或专利号:202210693635.9
● 伏晓,金义皓,骆斌。一种基于卷积神经网络的微信小程序分类方法及系统;申请号或专利号:202211050302.0
● 伏晓、宋师文、孙雨竹、刘轩宇、骆斌。基于深度学习防止行为不端小程序的隐私保护方法及系统;申请号或专利号:202211100283.8
● 伏晓,刘轩宇,骆斌。基于策略模型的非侵入式智能家居数字取证系统及方法;申请号或专利号:202211100307.X
● 伏晓,刘轩宇,李昂,吴天池,骆斌。基于数据溯源模型的智能音箱本地端数字取证系统及方法。申请号或专利号:202110673416X(授权)
● 伏晓,宋师文,吴天池,刘轩宇,骆斌。一种用于安卓攻击场景重建的可视化取证系统及实现方法。申请号或专利号:2021106747615(授权)
● 伏晓、刘轩宇、骆斌。智能家居环境中通过误导嗅探工具保护隐私的系统及方法。申请号或专利号:202010632100.1(授权)
● 伏晓、叶飞、郑韵芝、骆斌。一种用于分布式云取证可信度验证系统及其方法。申请号或专利号:202010865984.5(授权)
● 伏晓、骆云、骆斌。一种用于DDoS攻击的取证方法及系统。申请号或专利号:202010949005.4(授权)
● 伏晓,林丽,骆斌,刘轩宇。一种非侵入式的智能音箱安全取证系统及其方法。申请号或专利号:202011315413.0(授权)
● 伏晓,陈濛,骆斌。基于组合加密的云数据库加密方法。申请号或专利号:201910925931.5(授权)
● 伏晓,孙思娴,骆斌。基于SDN云环境检测和缓解ARP攻击的系统及方法。申请号或专利号:201910448147.X(授权)
● 骆斌,卢坚,伏晓。一种基于规则的通用文本信息抽取和信息生成方法。申请号或专利号:201910153119.5(授权)
● 伏晓,刘轩宇,骆斌。应用于云计算环境的基于用户意图检测的取证系统及方法。申请号或专利号:201810753647.X(授权)
● 伏晓,谢佳筠,骆斌。基于安卓程序应用间攻击的自动化补丁系统及方法。申请号或专利号:201610313468.5。(授权)
● 伏晓,杨瑞,骆斌。基于内存活动的边信道攻击取证系统及方法。申请号或专利号:201510915411.8。(授权)
● 伏晓,王子祺,骆斌,杨瑞,周业茂。基于共享内存的云取证证据获取方法及系统。申请号或专利号:201510682287.5。(授权)
● 伏晓,阮豪,骆斌,周业茂。基于内核的安卓程序实时行为分析方法及系统。申请号或专利号:201510682288.X。(授权)
● 伏晓,高运,骆斌。用于Hadoop平台数据泄露攻击的自动检测取证方法。申请号或专利号:201510301896.1。(授权)
● 伏晓,端一恒,骆斌。一种在取证场景下自动检测恶意进程的方法。申请号或专利号:201410705875.1。(授权)
● 伏晓,端一恒,骆斌。一种在取证场景下自动分析未知恶意程序特征的方法。申请号或专利号:201410696330.9。(授权)
● 伏晓,骆斌。一种基于数据关联的自动内存证据分析方法。申请号或专利号:201410696545.0。(授权)
● 伏晓,程盈心,骆斌、杨瑞、阮豪。一种基于硬件虚拟化的模块化计算机取证系统及其方法。申请号或专利号:201410202898.0。(授权)
● 伏晓,程盈心,骆斌、杨瑞、阮豪。一种用于收集和截获计算机内存行为的蜜罐机制及其方法。申请号或专利号:201410203373.9。(授权)
● 伏晓,端一恒,周业茂,骆斌等。一种通用设备故障检测维修方法。申请号或专利号:201310591494.0。(授权)
● 伏晓,张瑊,骆斌,赵志宏。用于BSM安全审计日志的冗余及无用数据删减方法。申请号或专利号:201210449246.8。(授权)
Funding
● 项目名称:霸凌哨兵系统
项目来源:南京祥钿能源科技有限公司,金额:60万
项目角色:项目负责人
● 项目名称:研发数字化项目管理系统
项目来源:苏州西门子电器有限公司,金额:49万
项目角色:项目负责人
● 项目名称:“超级账号”关键技术咨询服务
项目来源:思目创意设计产业江苏有限公司,金额:200万
项目角色:项目负责人
● 项目名称:天津市金融工作局司法数据交换系统
项目来源:天津市金融工作局,金额:10万
项目角色:项目负责人
● 项目名称:基于内存取证的实时自动证据分析技术研究
项目来源:国家自然科学基金委项目,金额:20万
项目角色:项目负责人
● 项目名称:化学应急箱组装备运用研究
项目来源:中国人民解放军73921部队,项目金额:6万
项目角色:项目负责人
● 项目名称:发烟车综合故障检测软件
项目来源:中国人民解放军73017部队,项目金额:6万
项目角色:项目负责人
● 项目名称:江苏法院数字审委会系统
项目来源:江苏省高级人民法院,项目金额:49万
项目角色:项目负责人
● 项目名称:执行案件信息数据交换系统
项目来源:江苏省高级人民法院,项目金额:40万
项目角色:项目负责人
● 项目名称:故障通用检测系统
项目来源:中国人民解放军73921部队,项目金额:6万
项目角色:项目负责人
● 项目名称:天津市法院审判指标评估体系系统
项目来源:天津市高级人民法院,项目金额:33万
项目角色:项目负责人
● 项目名称:江苏法院案件稳定风险评估系统
项目来源:江苏省高级人民法院,项目金额:45万
项目角色:项目负责人
上届研究生就业情况
曾繁莹 美团
金义皓 阿里巴巴
马妍 荣耀
傅晓航 微软
葛如梦 广发证券
付佳 中国建设银行江苏省分行
宋典城 字节跳动
韩泽旭 阿里巴巴
夏伟 阿里巴巴
闫佳琪 字节跳动
路凯达 中信证券
宋师文 读博-新加坡管理大学
