I am a Researcher at the School of Software Technology, Zhejiang University. Before joining ZJU, I worked at Huawei 2012 Lab as a Senior Engineer. I received my Ph.D. degree from the Department of Computer Science and Technology at Zhejiang University.

My research interests lie in system security, intrusion detection, and cyber threat analysis. My current work focuses on designing practical intrusion detection and attack investigation systems. I work closely with my PhD advisors, Prof. Yan Chen from Northwestern University, Prof. Shouling Ji and Prof. Fan Zhang from Zhejiang University.

Recent research interests include:

  • Intelligent yet Efficient Cyber Attack Hunting
  • Automatic Penetration and Attack Planning
  • Action Security for LLM Agents

Feel free to contact me if you are interested in industry-oriented security research. (Recruiting 4-5 master's students for the 2026 intake. Inquiries welcome!)

🔥 News

  • 🧑‍💻 2025.12: Invited to serve as an Early Career Editorial Board member for the journal “Digital Twins and Applications”. Welcome innovative submissions on digital twin technologies across all domains!
  • 📑 2025.11: Our paper “Actionable, Customizable, and Causality-Preserving Cyberattack Emulation with LLM-powered Symbolic Planning” is accepted by ACNS’26.
  • 🏗️ 2025.11: Granted National Natural Science Foundation of Ningbo (Youth Ph.D Program) as PI.
  • 📑 2025.11: Our paper “Breaking the Bulkhead: Demystifying Cross-Namespace Reference Vulnerabilities in Kubernetes Operators” is accepted by NDSS’26.
  • 📑 2025.10: Our paper “Towards Scalable and Interpretable Mobile App Risk Analysis via Large Language Models” is accepted by ICSE’26.
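  • 🎉 2025.09: Received the Beijing Science and Technology Award, “Second Prize for Science and Technology Progress (preliminary review)” (ranked 7/10), for “Key Technologies and Applications for Detecting and Tracing Highly Stealthy Network Threats Based on Countering Concealment Mechanisms”.
  • 📑 2025.09: Our paper “Spyware Prevention on Mobile Platforms: Insights, Challenges, and Prospects” is accepted by the Journal of Cyber Security.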
  • 📑 2025.09: Our paper “Incorporating Gradients to Rules: Towards Online, Adaptive Provenance-based Intrusion Detection” is accepted by TDSC.
  • 🏗️ 2025.07: Granted CCF-Tencent “Rhino-Bird” Open Research Fund as PI.
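  • 📑 2025.07: Our paper “Intelligent Provenance Analysis and Intrusion Detection: Insights, Challenges, and Prospects” is accepted by the Chinese Journal of Computers.
  • 📑 2025.07: Our paper “AutoSeg: Automatic Micro-segmentation Policy Generation via Configuration Analysis” is accepted by Computers & Security.
  • 🎉 2025.05: The supervised project “Chongming Bird: An Online Detection System for Highly Stealthy Threats in Massive Log Streams” won the “National Second Prize” and the “Outstanding Advisor Award” in the Software System Security track of the Software Innovation Competition. Congratulations to the participating students! [Link]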
  • 📑 2025.05: Our paper “The Case for Learned Provenance-based System Behavior Baseline” is accepted by ICML’25.
  • 📑 2025.04: One paper “PentestAgent: Incorporating LLM Agents to Automated Penetration Testing” is accepted by AsiaCCS’25.
  • 🧑‍💻 2025.03: Invited to serve as a TPC member for “GlobeCom 2025 CISS”.
  • 📃 2025.02: One poster “LLM-Driven Automated Exploit Assessment for Penetration Testing” will appear in NDSS’25 poster session.
  • 🏗️ 2024.12: Granted “Leading Goose” R&D Program of Zhejiang as PI.
  • 📑 2024.12: One paper “Understanding the Business of Online Affiliate Marketing: An Empirical Study” is accepted by INFOCOM’25.
  • 🎉 2024.09: Awarded Ningbo “YongJiang” Talent Programme (Youth Program).
  • 🏗️ 2024.08: Granted National Natural Science Foundation of China (Youth Program) as PI.
  • 📑 2024.08: Our paper “Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection” is accepted by NDSS’25.
  • 📑 2024.01: One paper “Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments” is accepted by AsiaCCS’24.

🛠️ Projects

📝 Selected Publications

Full List: Google Scholar (* Equal Contribution, # Corresponding Author)

Chinese Journal of Computers

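“Intelligent Provenance Analysis and Intrusion Detection: Insights, Challenges, and Prospects”

Zhenyuan Li, Yangyang Wei, Zhenkai Wang, Shouling Ji

  • The ability of machine learning models to find and represent features offers new ideas and solutions for extracting accurate and efficient representations of attack patterns and improving the accuracy of provenance-based detection, and for implementing efficient data compression and search that raise analysis efficiency and lower analysis overhead.

  • Provenance graphs contain a large amount of redundant and irrelevant information. Sensible use of machine learning algorithms can filter, summarize, and compress the key information efficiently, effectively improving the efficiency of storing, querying, and processing provenance data.

  • Intrusion detection is a systemic problem. The individual modules of current intrusion detection based on intelligent provenance analysis achieve fairly good results on some properties, but these modules often cannot simply be combined. How to combine them sensibly so that the overall result is optimal is an open problem.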

ArXiv 2024

Marlin: Knowledge-Driven Analysis of Provenance Graphs for Efficient and Robust Detection of Cyber Attacks

Zhenyuan Li, Yangyang Wei, Xiangmin Shen, Lingzhi Wang, Yan Chen, Haitao Xu, Shouling Ji, Fan Zhang, Liang Hou, Wenmao Liu, Xuhong Zhang, Jianwei Ying

Project

  • Marlin conceptualizes real-time attack detection in streaming logs as a streaming graph alignment problem, leveraging query graphs to pinpoint critical elements in the provenance graph. Integrated into a tag propagation framework, it processes each event once, reducing redundancy and enhancing efficiency and defense against evasion.

CCS 2019

Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts

Zhenyuan Li, Qi Alfred Chen, Chunlin Xiong, Yan Chen, Tiantian Zhu, Hai Yang

Project

  • The first effective and light-weight deobfuscation approach for PowerShell scripts. Adopted in the product of a startup security company.

📑 Selected Patents

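  • Full-scale data collection: “(Application accepted) eBPF-based Method and Apparatus for Fine-grained Provenance Data Collection on Android Systems”, “(Granted) Method and System for Fine-grained Provenance Data Collection on Cloud Platforms Based on Multi-layer Data Fusion”
  • Efficient threat hunting: “(Granted) Real-time Attack Chain Detection Method and System Based on Tag Propagation and Event Baseline Learning”, “(Granted) Real-time Attack Detection Method and System for Streaming Provenance Graphs Based on Tags and Graph Alignment”, “(Application accepted) LLM-based Method and System for Forward and Backward Tracking of Suspicious Points and Attack Path Reconstruction”, “(Application accepted) Application Risk Determination Method and Apparatus Based on an LLM Multi-agent Decision Tree”
  • Intelligent rule optimization: “(Granted) Anomaly Detection Method and System for Streaming Provenance Graphs Based on Iterative Prediction and Correction”, “(Granted) Attack Detection Strategy Optimization Method and System Based on Feature Backpropagation”
  • Automatic attack planning: “(Application accepted) An End-to-end Method for Constructing Network Attacks”, “(Application accepted) Method and System for Generating Multi-stage Automated Penetration Testing Plans Based on Large Language Models and Attack Tree Models”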

💫 Selected Funding

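  • National Natural Science Foundation of China, Young Scientists Fund, “Research on Methods and Key Technologies for Large-scale Real-time Provenance Analysis and Attack Detection”, 2025/01-2027/12, ongoing, PI
  • National Key R&D Program of China, “Cyberspace Security Governance” special project, “Research on Endpoint-oriented Identification, Forensics, and Attribution of Network Public Hazards with Highly Stealthy Propagation”, 2024/01-2026/12, ongoing, sub-task lead
  • Zhejiang Key R&D Program (“Leading Goose”), ******, 2025/01-2025/12, ongoing, PI
  • Zhejiang Key R&D Program (“Leading Goose”), ******, 2024/01-2024/12, completed, task lead
  • Ningbo “YongJiang” Young Innovative Talent Program, ******, 2025/01-2027/12, ongoing, PI
  • Ningbo Natural Science Foundation, Young Ph.D. Innovation Research Project, “Research on Methods and Key Technologies for Behavior Control and Security Protection of Emerging Heterogeneous Systems in Critical Infrastructure”, 2026/01-2027/12, ongoing, PI
  • CCF-Tencent “Rhino-Bird” Research Fund, “Research on Methods and Key Technologies for Efficient, Intelligent, and Adversary-oriented Provenance Analysis and Threat Hunting”, 2026/01-2026/12, approved, PI
  • CCF-NSFOCUS “Kunpeng” Research Fund, “Large-scale Provenance Analysis Based on Stream Processing in Cloud Computing Environments”, 2024/01-2024/12, completed, PI
  • National Natural Science Foundation of China, Joint Fund Project, “Research on Intelligent Detection and Tracing Methods and Key Technologies for APT Attack Chains”, 2021/01-2023/12, completed, key technical member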

📝 Teaching

  • Intelligent Software Quality Assurance (Fall 2024, Fall 2025)

🎓 Students

  • 2026:
    • Junjie Cheng
    • Yijie Xu
  • 2025:
    • Shiyu Tan (1 * Patent, 1 * Competition Award)
    • Yaokun Li
    • Qizhi Cai
    • Haocheng Li
    • Zhipeng Chen
    • Ji Zhou
  • 2024:
    • Yuqiao Gu (Ph.D Student, 1 * Patent, 1 * Competition Award)
    • Zhenkai Wang (TDSC Co-1st Author, ACNS 4th Author, Chinese Journal of Computers 3rd Author, 1 * Competition Award)
    • Yi Jiang (Journal of Cyber Security 1st Author, ACNS 3rd Author, 1 * Competition Award)
  • 2023:
    • Jiahui Wang (APSEC’24 2nd Author, ICSE’26 5th Author, 1 * Patent)
    • Mingxiang Shi (1 * Patent)
    • Yangyang Wei (ICML’25 3rd Author, Chinese Journal of Computers 2nd Author, 3 * Patents, 1 * Competition Award)
    • Yu Yang (ICSE’26 1st Author)
    • Yao Zhu (ICML’25 1st Author)
  • Alumni: None.

🎖 Honors and Awards

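  • 2025-09 Beijing Science and Technology Award, “Second Prize for Science and Technology Progress (preliminary review)” (ranked 7/10), for “Key Technologies and Applications for Detecting and Tracing Highly Stealthy Network Threats Based on Countering Concealment Mechanisms”
  • 2025-05 Software System Security Competition, “National Second Prize” and “Outstanding Advisor Award”, for “Chongming Bird: An Online Detection System for Highly Stealthy Threats in Massive Log Streams”
  • 2025-03 “Research Contribution Award”, School of Software Technology, Zhejiang University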
  • 2024-09 Ningbo “YongJiang” Talent Programme (Youth Program)
  • 2021-02 Zhejiang Lab’s International Talent Fund for Young Professionals
  • 2020-12 Zhejiang University’s Academic Rising Star
  • 2020-10 CSC Joint Ph.D. Program
  • 2017-05 Outstanding Graduate of Xidian University (Top 1%)
  • 2015-11 National Scholarship (Undergraduate) (Top 1%)

💬 Invited Talks

  • 2020.10, InForSec Cyber Security Academic Papers Sharing (Co-located with Beijing Cyber Security Conference) | [video]
  • 2019.11, Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts, CCS’19, London

🛎️ Academic Service

  • Editorial Board Member: Digital Twins and Applications (2025-2027)
  • TPC Member: IEEE GlobeCom 2025 CISS
  • Reviewer: TIFS (2025), TDSC (2025, 2024), TBD (2025), EMSE (2025), TOSEM (2024), Computers & Security (2024), CAAI-TIT (2025), TII (2025), Chinese Journal of Computers (2025, 2024), Journal of Cyber Security (2024), Computer Science (2024)
  • Subreviewer/External reviewer: IEEE S&P (2025, 2024), NDSS (2026, 2022), AsiaCCS (2021), CCS (2019, 2018), ICDC (2019), ESORICS (2019)

📖 Education

  • 2017.09 - 2022.06, Ph.D. in Cyber Security, Zhejiang University, Advised by Prof. Yan Chen.
  • 2021.05 - 2022.04, Visiting Ph.D. Student, National University of Singapore, Advised by Prof. Zhenkai Liang.
  • 2015.09 - 2019.06, B.S. in Information Security, Xidian University.
  • 2010.09 - 2013.06, Zhenhai Middle School, Ningbo.

💻 Working Experience
