I am a Researcher at Zhejiang University, School of Software Technology. Before joining ZJU, I worked at Huawei, 2012 Lab as a Senior Engineer. I graduated from the Department of Computer Science and Technology, Zhejiang University with a Ph.D. degree.
My research interests lie in system security, intrusion detection and cyber threat analysis techniques. I am now working towards designing practical intrusion detection and attack investigation systems.
“Contact me for intrusion detection systems research that is in line with the industry!!!” (Continuously recruiting master's and undergraduate students interested in security research!)
🔥 News
- 2025.03: 🎉🎉 Our work “Lightweight Online Hunting System for Highly Concealed Threats in Massive Log Streams” has been selected as a finalist in the offline round of China (National Finals) of the “Software System Security Competition-软件系统安全赛” of the “Software Innovation Competition-软件创新大赛”. Congratulations to Shiyu, Yangyang, Yi and Zhengkai. Notification Link
- 2025.02:🎉🎉 Our poster “LLM-Driven Automated Exploit Assessment for Penetration Testing” will appear in NDSS’25 poster session.
- 2025.01: 🎉🎉 Our work “Lightweight Online Hunting System for Highly Concealed Threats in Massive Log Streams” has been selected as a finalist in the offline round of the East China Region (Regional Round) of the “Software System Security Competition-软件系统安全赛” of the “Software Innovation Competition-软件创新大赛”. Congratulations to Shiyu, Yangyang, Yi and Zhengkai. Notification Link
- 2024.12: 🎉🎉 Granted “Leading Goose” R&D Program of Zhejiang as PI.
- 2024.12: 🎉🎉 Our paper “Understanding the Business of Online Affiliate Marketing: An Empirical Study” is accepted by INFOCOM’25.
- 2024.09: 🎉🎉 Awarded Ningbo “YongJiang” Talent Programme (Youth Program).
- 2024.08: 🎉🎉 Granted National Natural Science Foundation of China (Youth Program).
- 2024.08: 🎉🎉 Our paper “Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection” is accepted by NDSS’25.
- 2024.01: 🎉🎉 Our paper “Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments” is accepted by AsiaCCS’24.
📝 Selected Publications
Full List: Google Scholar (* Equal Contribution, # Corresponding Author)
- NDSS 2025
  Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection, Lingzhi Wang, Xiangmin Shen, Weijian Li, Zhenyuan Li#, R Sekar, Han Liu, Yan Chen
- INFOCOM 2025
  Understanding the Business of Online Affiliate Marketing: An Empirical Study, Haitao Xu, Yiwen Sun, Kaleem Ullah Qasim, Shuai Hao, Wenrui Ma, Zhenyuan Li, Fan Zhang, Meng Han, Zhao Li
- ArXiv 2024
  PentestAgent: Incorporating LLM Agents to Automated Penetration Testing, Xiangmin Shen, Lingzhi Wang, Zhenyuan Li, Yan Chen, Wencheng Zhao, Dawei Sun, Jiashui Wang, Wei Ruan
- ArXiv 2024
  From Sands to Mansions: Enabling Automatic Full-Life-Cycle Cyberattack Construction with LLM, Lingzhi Wang, Jiahui Wang, Kyle Jung, Kedar Thiagarajan, Emily Wei, Xiangmin Shen, Yan Chen, Zhenyuan Li

Zhenyuan Li, Yangyang Wei, Xiangmin Shen, Lingzhi Wang, Yan Chen, Haitao Xu, Shouling Ji, Fan Zhang, Liang Hou, Wenmao Liu, Xuhong Zhang, Jianwei Ying
- Marlin conceptualizes real-time attack detection in streaming logs as a streaming graph alignment problem, leveraging query graphs to pinpoint critical elements in the provenance graph. Integrated into a tag propagation framework, it processes each event only once, which reduces redundant work, improves efficiency, and strengthens defense against evasion.
- AsiaCCS 2024
Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments, Xiangmin Shen, Zhenyuan Li, Graham Burleigh, Lingzhi Wang, Yan Chen

AttacKG: Constructing Technique Knowledge Graph from Cyber Threat Intelligence Reports
Zhenyuan Li, Jun Zeng, Yan Chen, Zhenkai Liang
- AttacKG automatically extracts structured attack behavior graphs from CTI reports and identifies the associated attack techniques. It then aggregates threat intelligence across reports to collect different aspects of each technique and enhance the attack behavior graphs into technique knowledge graphs (TKGs).
- AttacKG can empower many downstream security applications, such as threat identification, automatic threat reasoning, and disposition.
- TDSC 2022
  RATScope: Recording and Reconstructing Missing RAT Semantic Behaviors for Forensic Analysis on Windows, Runqing Yang, Xutong Chen, Haitao Xu, Yueqiang Chen, Chunlin Xiong, Linqi Ruan, Mohammad Kavousl, Zhenyuan Li, Liheng Xu, Yan Chen
- COSE 2021
  Threat Detection and Investigation with System-level Provenance Graphs: A Survey, Zhenyuan Li, Qi Alfred Chen, Yang Runqing, Yan Chen

Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts
Zhenyuan Li, Qi Alfred Chen, Chunlin Xiong, Yan Chen, Tiantian Zhu, Hai Yang
- The first effective and light-weight deobfuscation approach for PowerShell scripts. Adopted in the product of a startup security company.
📑 Selected Patents
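- Method and system for real-time attack chain detection based on tag propagation and event baseline learning
- Method and system for real-time attack detection on streaming provenance graphs based on tags and graph alignment
- Method and system for fine-grained provenance data collection on cloud platforms based on multi-layer data fusion
- Method and system for attack detection policy optimization based on feature backpropagation
- An end-to-end cyberattack construction method
- Fine-grained RAT program detection method and system based on dynamic behavior, and corresponding APT attack detection method
- Deobfuscation method, apparatus, computer device, and storage medium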
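💫 Selected Funding
- National Natural Science Foundation of China, Young Scientists Fund: Research on methods and key technologies for large-scale real-time provenance analysis and attack detection in cloud-native environments, 2025/01-2027/12, ongoing, Principal Investigator
- National Key R&D Program of China, “Cyberspace Security Governance” special project: Endpoint-oriented research on identification, forensics, and attribution of highly concealed, propagating cyber hazards, 2024/01-2026/12, ongoing, sub-project leader
- CCF-NSFOCUS “Kunpeng” Research Fund: Large-scale provenance analysis based on stream processing in cloud computing environments, 2024/01-2024/12, ongoing, Principal Investigator
- National Natural Science Foundation of China, Joint Fund Project: Research on intelligent detection and provenance-tracing methods and key technologies for APT attack chains, 2021/01-2023/12, completed, key technical contributor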
📝 Teaching
- Intelligent Software Quality Assurance (Fall-Winter 2024)
🎓 Students
- Yangyang Wei (Master) 2023 - now
- Jiahui Wang (Master) 2023 - now
- Mingxiang Shi (Master) 2023 - now
- Yu Yang (Master, Co-advised) 2023 - now
- Yao Zhu (Master, Co-advised) 2023 - now
- Yuqiao Gu (Master) 2024 - now
- Zhengkai Wang (Master) 2024 - now
- Ai Jiang (Master, Co-advised) 2024 - now
🎖 Honors and Awards
- 2021.02 Zhejiang Lab’s International Talent Fund for Young Professionals
- 2020.12 Zhejiang University’s Academic Rising Star
- 2017.05 Outstanding Graduate of Xidian University (Top 1%)
- 2015.11 National Scholarship (Undergraduate) (Top 1%)
💬 Invited Talks
- 2020.10, InForSec Cyber Security Academic Papers Sharing (Co-located with Beijing Cyber Security Conference) | [video]
- 2019.11, Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts, CCS’19, London
🛎️ Academic Service
- Reviewer: TIFS (2025), TDSC (2025, 2024), EMSE (2025), TOSEM (2024), Computers & Security (2024), Chinese Journal of Computers (计算机学报) (2024), Journal of Cyber Security (信息安全学报) (2024), Computer Science (计算机科学) (2024), IEEE Access (2020)
- TPC Member: IEEE Globecom 2025 CISS
- Subreviewer/External reviewer: IEEE S&P (2025, 2024), NDSS (2022), AsiaCCS (2021), CCS (2019, 2018), ICDC (2019), ESORICS (2019)
📖 Education
- 2017.09 - 2022.06, Ph.D. in Cyber Security, Zhejiang University, Advised by Prof. Yan Chen.
- 2021.05 - 2022.04, Visiting Ph.D. Student, National University of Singapore, Advised by Prof. Zhenkai Liang.
- 2015.09 - 2019.06, B.S. in Information Security, Xidian University.
- 2010.09 - 2013.06, Zhenhai Middle School, Ningbo.
💻 Working Experience
- 2023.07 - now, Zhejiang University, Hangzhou, China.
- 2022.07 - 2023.07, Huawei, 2012 Lab, Hangzhou, China.