Yu Ding (丁羽)

Senior Security Research Scientist
Baidu USDC


  • I am a senior security research scientist at X-Lab of Baidu USDC and I'm working with Lenx.
  • I received my Ph.D Degree in Computer Security from Peking University in July 2016 and Bachelor degree in Computer Science from Peking University in July 2010.

    Research Interests

    My research interests include software security and system protection.

    Open Source Projects

  • dftwin: high performance dynamic data flow tracking on windows
  • Publications

    1. SQL Injection Prevention Based on Sensitive Characters[PDF]
      Huilin Zhang, Yu Ding, Lihua Zhang, Lei Duan, Chao Zhang, Tao Wei, Guancheng Li, Xinhui Han
      Journal of Computer Research and Development (2016) 53(10). DOI:10.7544/issn1000-1239.2016.20160443
    2. Accurate and Efficient Exploit Capture and Classification [PDF]
      Yu Ding, Tao Wei, Hui Xue, Yulong Zhang, Chao Zhang, Xinhui Han
      Science China Information Science (2017) 60: 052110. doi:10.1007/s11432-016-5521-0
    3. VTrust: Regaining Trust on Virtual Calls [PDF]
      Chao Zhang, Scott Carr, Tongxin Li, Yu Ding, Chengyu Song, Mathias Payer, Dawn Song
      In Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS)
    4. Classifying Downloaders [PDF]
      Yu Ding, Liang Guo,Chao Zhang, Yulong Zhang, Hui Xue, Tao Wei, Yuan Zhou, Xinhui Han
      In Proceedings of 36th IEEE Symposium on Security and Privacy (Poster)
    5. SIPD: a practical SDN-based IP spoofing defense method [PDF]
      Chen Li, Yu Ding, Tongxin Li, Jun Li, Xinhui Han
      In 2016 Distributed Systems Security Symposium (NDSS) (Poster)
    6. PHPGate: A Practical White-Delimiter-Tracking Protection against SQL-Injection for PHP [PDF]
      Lihua Zhang, Yu Ding, Chao Zhang, Lei Duan, Zhaofeng Chen, Tao Wei, Xinhui Han,
      In Proceedings of 24th USENIX Security Symposium (Poster)
    7. AdHoneyDroid: Capture Malicious Android Advertisements [PDF]
      Dongqi Wang, Shuaifu Dai, Yu Ding, Tongxin Li, Xinhui Han,
      In Proceedings of 21st ACM Conference on Computer and Communications Security (Poster)
    8. Attack and Defense the OAuth based SSO systems [PDF]
      Jianjun Ye, Yu Ding, Tongxin Li, Huilin Zhang, Xinhui Han,
      In 2014 Annual Computer Security Applications Conference (Poster)
    9. Unider: Exploit Attack Emulator Armed with State-of-Art Exploit Techniques (Poster Session) [PDF]
      Yu Ding, Chao Zhang, Tao Wei
      In the Network and Distributed System Security Symposium (NDSS) , San Deigo, CA, Feb 2014.
    10. Android Low Entropy Demystified [PDF]
      Yu Ding, Zhuo Peng, Yuanyuan Zhou, Chao Zhang
      In IEEE International Conference on Communications (ICC) , Sydney, Australia, June 2014.
    11. A Framework to Eliminate Backdoors from Response Computable Authentication. [PDF]
      Shuaifu Dai, Tao Wei, Chao Zhang, Tielei Wang, Yu Ding, Wei Zou, Zhenkai Liang.
      In the 33rd IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, May 2012.
    12. Heap Taichi: Exploiting Memory Allocation Granularity in Heap-Spraying Attacks. [PDF]
      Yu Ding, Tao Wei, Tielei Wang, Zhenkai Liang, Wei Zou.
      In the 25th Annual Computer Security Applications Conference (ACSAC), Austin, TX, Dec. 2010.
    13. A Summary of Software Classification/Taxonomy Techniques [PDF]
      Yu Ding, Wei Zou, Tao Wei
      In The 5th Conference on Vulnerability Analysis and Risk Assessment (VARA), Shanghai , China, Dec. 2012
    14. Applying Cloud Computing Techniques in Information Security Research [PDF]
      Wei Zou, Yu Ding, Xinhui Han, Wenhan Yang
      In Communications of the CCF, Vol 8, No. 7, July 2012


  • Computer Security Conference Ranking List maintained by Prof. Guofei Gu.
  • Computer Security & Privacy Journal List by Microsoft Academic Search.


  • NDSS'13 external reviewer
  • S&P'13 external reviewer
  • AsiaCCS'13 external reviewer
  • Science China Volume F reviewer
  • S&P'16 external reviewer
  • AsiaCCS'16 external reviewer
  • IEEE Transactions on Information Forensics and Security (TIFS) external reviewer
  • IEEE Transactions on Knowledge and Data Engineering (TKDE) external reviewer
  • Software: Practice and Experience (SPE) external reviewer

  • Last update, Oct 1st, 2016.