Han Zhang张 晗

Associate Professor

Institute for Network Sciences and Cyberspace
Tsinghua University, P. R. China

zhhan@tsinghua.edu.cn Google Scholar Publications GitHub
1,475Citations 17h-index 28i10-index 79Scholar Papers 13Active Students
Han Zhang

About

My research interests broadly span Network Measurement and Security and AI for Network, with a focus on wide area networks, the Internet, and cloud computing. My work aims to make these systems smarter and more secure by bridging networking and security with observability, data science, machine learning, formal verification, artificial intelligence, and distributed computing.

In the areas of observability and routing technologies, I have conducted in-depth research and led projects such as DeepShield. To date, I have published nearly 100 papers in top-tier international conferences and journals, including SIGCOMM, INFOCOM, CoNEXT, and CCS. My research outcomes have been widely adopted in industry, with related technologies deeply integrated into critical national network infrastructures such as China Telecom's backbone network, the Future Internet Technology Infrastructure (FITI), and CERNET / CERNET2. These contributions serve vital sectors including telecommunications operators, the military, and other areas crucial to the national economy and people's livelihoods.

I have received the ACM SIGCSE China Rising Star Award and serve as an editorial board member for domestic journals such as Communication Technology, as well as a guest editor for international journals including MDPI Electronics and IEEE JSAC. I also regularly review for prestigious international journals such as IEEE/ACM TON, IEEE TPDS, and IEEE TIFS. In addition, I have been actively involved in organizing and serving on program committees for major international conferences, including ACM SIGCOMM, ACM CoNEXT, and IEEE INFOCOM. The technologies developed through my research have been applied to serve hundreds of millions of users.

Looking for students: I am looking for PhD / Master students (enrolling in Fall 2027) to join our exciting systems and networking projects. Experience with system programming is a big plus — feel free to reach out!

What's New

Research Areas

Network Measurement and Security

Distributed tracing systems SIGCOMM'23 SIGCOMM'25; SSL/TLS certificate analysis WWW'25; configuration verification TIFS'24; malicious container detection CCS'22; malicious traffic detection TIFS'22 TIFS'23 CCS'21 NDSS'22 SIGCOMM'25; log analysis TIFS'21; APT detection TIFS'23; flow measurement TPDS'21.

AI for Network

Deep-learning encrypted-traffic anomaly detection SIGCOMM'25 TIFS'22 CCS'21 NDSS'22; AI-assisted distributed tracing SIGCOMM'23 SIGCOMM'25; structure-semantics fusion for web observability WWW'26; online learning for SD-WAN TIFS'23; APT detection with provenance graphs TIFS'23 IEEE Network'26; log analysis with NLP TIFS'21; learning-driven malicious container detection CCS'22; in-network ML acceleration INFOCOM'24.

Flagship Systems

Systems that have moved beyond papers — open-sourced, deployed at scale, or adopted by international communities.

DeepFlow
eBPF · Zero-Code Observability · SIGCOMM '23

Network-centric distributed tracing that reconstructs causal traces across Kubernetes, service mesh and serverless platforms without any application code change. Open-sourced as an industry de-facto standard.

4,084 Stars 456 Forks CNCF Sandbox
CNCF Sandbox eBPF / WASM K8s · Service Mesh SIGCOMM '23
SIGCOMM '23 Paper GitHub deepflow.io
DeepTrace
Production Tracing · SIGCOMM '25 · ICSE '26

Low-overhead, non-intrusive distributed application observation. Dual-path kernel + user-space protocol parsing achieves accurate method-level delay estimation in production clusters at ~10× less instrumentation overhead.

173 Stars 17 Forks
Production-deployed Method-level delay SIGCOMM '25 ICSE '26
SIGCOMM '25 Paper GitHub Pub list
DeepShield
ISP-Centric IDS · SIGCOMM '26

Carrier-scale intrusion detection on programmable switches: data-plane lightweight feature extraction + control-plane adaptive learning. Sustains Tbps-class detection while staying robust to traffic drift and adversarial evasion. Validated in real ISP backbones.

Tbps line-rate Programmable switches P4 · adaptive ML SIGCOMM '26
SIGCOMM '26 — to appear Pub list

Real-World Deployments & Industry Impact

Research outcomes integrated into national network infrastructures and tier-1 industry products, serving telecom operators, education networks, public clouds, and security vendors.

National Backbone
China Telecom Backbone

Encrypted-traffic anomaly detection at line rate; large-scale WAN sensing & optimization.

National Infrastructure
FITI — Future Internet Test Infrastructure

Programmable-switch IDS & segment-routing diagnosis deployed on the national next-generation Internet testbed.

Education Network
CERNET / CERNET2

DeepFlow-based observability and routing-anomaly analysis across the China Education and Research Network.

Public Cloud
Tencent Cloud

Observability for large-scale microservice systems; co-designed traffic engineering for inter-DC WAN.

Enterprise WAN
Sangfor (深信服)

Application-aware WAN transmission optimization for enterprise SD-WAN products.

Security Vendor
NSFOCUS (绿盟)

Key technologies for security-testing facilities and large-scale traffic analysis.

Selected Publications

* corresponding author  ·  co-primary authors  ·  underline marks supervised students. Full list on Google Scholar.

SIGCOMM '26

Providing Efficient and Robust ISP-Centric Intrusion Detection Service with Programmable Switches

Han Zhang, Xuefeng Liu, Linqiang Qian, Guyue (Grace) Liu, Tianyu Zhang, Kaiyang Zhao, Yantu Tong, Zeji Xiao, Dongbiao He, Yahui Li, Ke Ruan, Jilong Wang, Yongqing Zhu, Xia Yin

Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '26), 2026. To appear.

SIGCOMM '26 — to appear
Abstract

Internet Service Providers are uniquely positioned to deliver intrusion detection at the network's choke points, but operating an IDS at carrier scale faces stringent throughput, accuracy, and robustness constraints that conventional middlebox or host-based solutions cannot meet. This work proposes an ISP-centric IDS architecture built on programmable switches: it co-designs lightweight feature extraction in the data plane with adaptive learning in the control plane to sustain Tbps-class detection while remaining robust to traffic drift and adversarial evasion. The system has been validated in real ISP backbones and demonstrates orders-of-magnitude resource savings over CPU/GPU baselines without sacrificing detection quality.

SIGCOMM '25

Low-Overhead Distributed Application Observation with DeepTrace: Achieving Accurate Tracing in Production Systems

Yantao Geng, Han Zhang*, Zhiheng Wu, Yahui Li, Jilong Wang, Xia Yin

Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '25), pp. 1056–1069, 2025.

PDF ACM DL
Abstract

Distributed tracing is a cornerstone for diagnosing performance issues in modern microservice architectures, yet existing solutions either incur prohibitive instrumentation overhead or sacrifice accuracy in production. DeepTrace proposes a non-intrusive, dual-path observation framework that parses protocol semantics at both kernel and user space, achieving accurate method-level delay estimation with negligible runtime cost. Large-scale evaluation in real production clusters shows DeepTrace reduces tracing overhead by an order of magnitude while preserving end-to-end causal accuracy.

BibTeX 
@inproceedings{geng2025deeptrace,
  title     = {Low-Overhead Distributed Application Observation with DeepTrace},
  author    = {Geng, Yantao and Zhang, Han and Wu, Zhiheng and Li, Yahui and Wang, Jilong and Yin, Xia},
  booktitle = {ACM SIGCOMM},
  pages     = {1056--1069},
  year      = {2025}
}
SIGCOMM '25

Achieving High-Speed and Robust Encrypted Traffic Anomaly Detection with Programmable Switches

Han Zhang, Guyue Liu*, Xingang Shi, Yahui Li, Jilong Wang, Yongqing Zhu, Ke Ruan, Jie Liang, Xia Yin

Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '25), pp. 1254–1256, 2025.

PDF ACM DL
Abstract

Detecting anomalies in line-rate encrypted traffic has long been hindered by the conflict between deep-learning accuracy and switch ASIC constraints. We present a programmable-switch-based pipeline that offloads lightweight feature extraction to the data plane while retaining robust classification in the control plane, enabling Tbps-class anomaly detection. The system has been deployed in real ISP backbones with sustained accuracy under concept drift and adversarial perturbations.

BibTeX 
@inproceedings{zhang2025p4ad,
  title     = {Achieving High-Speed and Robust Encrypted Traffic Anomaly Detection with Programmable Switches},
  author    = {Zhang, Han and Liu, Guyue and Shi, Xingang and Li, Yahui and Wang, Jilong and Zhu, Yongqing and Ruan, Ke and Liang, Jie and Yin, Xia},
  booktitle = {ACM SIGCOMM},
  pages     = {1254--1256},
  year      = {2025}
}
SIGCOMM '23

Network-centric Distributed Tracing with DeepFlow: Troubleshooting Your Microservices in Zero Code

Junxian Shen, Han Zhang*, Yang Xiang, Xingang Shi, Xinrui Li, Yunxi Shen, Zijian Zhang, et al.

Annual Conference of the ACM Special Interest Group on Data Communication (SIGCOMM '23), pp. 420–437, 2023.

PDF Code
Abstract

DeepFlow rethinks distributed tracing from a network-centric viewpoint: by hooking eBPF probes at protocol boundaries, it reconstructs causal traces across heterogeneous services without any application code change. Deployed at large cloud operators, DeepFlow has become an open-source de-facto standard, achieving zero-code observability across Kubernetes, service mesh, and serverless platforms.

BibTeX 
@inproceedings{shen2023deepflow,
  title     = {Network-centric Distributed Tracing with DeepFlow: Troubleshooting Your Microservices in Zero Code},
  author    = {Shen, Junxian and Zhang, Han and Xiang, Yang and Shi, Xingang and Li, Xinrui and Shen, Yunxi and Zhang, Zijian and others},
  booktitle = {ACM SIGCOMM},
  pages     = {420--437},
  year      = {2023}
}
CCS '22

Gringotts: Fast and Accurate Internal Denial-of-Wallet Detection for Serverless Computing

Junxian Shen, Han Zhang*, Yantao Geng, Jiawei Li, Jilong Wang, Mingwei Xu

ACM SIGSAC Conference on Computer and Communications Security (CCS '22), pp. 2627–2641, 2022.

PDF
Abstract

Serverless platforms charge per invocation, making them uniquely vulnerable to internal Denial-of-Wallet attacks where compromised functions burn the tenant's budget. Gringotts performs fast cost-anomaly detection inside the function runtime, combining causal call-graph analysis with adaptive billing-aware thresholds to detect attacks in milliseconds with sub-1% false positive rate.

BibTeX 
@inproceedings{shen2022gringotts,
  title     = {Gringotts: Fast and Accurate Internal Denial-of-Wallet Detection for Serverless Computing},
  author    = {Shen, Junxian and Zhang, Han and Geng, Yantao and Li, Jiawei and Wang, Jilong and Xu, Mingwei},
  booktitle = {ACM CCS},
  pages     = {2627--2641},
  year      = {2022}
}
CoNEXT '21

Boosting Bandwidth Availability over Inter-DC WAN

Han Zhang, Xingang Shi*, Xia Yin, Jilong Wang, Zhiliang Wang, Yingya Guo, Tian Lan

ACM CoNEXT '21, 2021.

PDF
Abstract

Inter-datacenter WANs trade off bandwidth utilization against fault tolerance, often leaving large capacity stranded. This paper proposes a traffic-engineering primitive that jointly schedules elephant and mice flows under probabilistic failure models, lifting effective inter-DC bandwidth availability by 1.4–2.1× on real Tencent and China Telecom topologies, while preserving SLA guarantees during link failures.

ICSE '26

Non-Intrusive Distributed Tracing with Method-Level Delay Estimation for Microservices Troubleshooting

Yantao Geng, Han Zhang*, Zhiheng Wu, Yahui Li, Jilong Wang, Xia Yin

ACM/IEEE International Conference on Software Engineering (ICSE '26). To appear.

ICSE '26 — to appear
Abstract

Pinpointing latency culprits inside complex microservice call graphs traditionally requires invasive code instrumentation. This work introduces a fully non-intrusive tracing technique that infers method-level delays from network-side observations and lightweight runtime hints, eliminating the need to modify application code. Evaluation on production-scale microservice deployments demonstrates fault-localization accuracy on par with intrusive baselines at a fraction of the engineering cost.

WWW '26

GlassMiner: Mining Looking Glass Services via Structure-Semantics Fusion for Web Observability

Yunze Wei, Xingang Shi, Han Zhang*, Tianyu Zhang, Yahui Li, Xia Yin

Proceedings of the ACM Web Conference (WWW '26), pp. 7576–7587, 2026.

PDF ACM DL
Abstract

Looking Glass (LG) services expose a fragmented but invaluable view of the global Internet's routing fabric, yet their heterogeneous interfaces and free-form output have long resisted automated analysis. GlassMiner proposes a structure-semantics fusion approach that jointly models the DOM-level layout and natural-language hints of LG portals to extract structured measurements at scale. The system enables continent-wide BGP path observability and uncovers previously hidden routing anomalies across thousands of operator portals.

INFOCOM '24

NNetFEC: In-network FEC Encoding Acceleration for Latency-sensitive Multimedia Applications

Yi Qiao, Han Zhang*, Jilong Wang

IEEE INFOCOM 2024, pp. 420–437, 2024.

PDF
Abstract

Forward Error Correction (FEC) is essential for low-latency video, AR/VR, and cloud gaming, but software FEC encoders cap end-host throughput. NNetFEC offloads encoding to programmable switches, exploiting tensor-style P4 templates to sustain line-rate FEC across 100GbE links while reducing 99-th percentile tail latency by 4–6× in real-world streaming workloads.

ICNP '25

SRmesh: Deterministic and Efficient Diagnosis of Latency Bottleneck Links in SRv6 Networks

Kaiyang Zhao, Han Zhang*, Yao Tong, Yahui Li, Xingang Shi, Zhiliang Wang, Xia Yin, Jianping Wu

IEEE International Conference on Network Protocols (ICNP '25), pp. 1–12, 2025.

PDF
Abstract

Existing latency-diagnosis tools for SRv6 either flood the data plane with probes or return probabilistic verdicts. SRmesh embeds deterministic in-band telemetry into segment-routing headers, enabling per-link latency attribution with bounded measurement overhead. It has been validated in a multi-vendor SRv6 testbed and identifies bottleneck links in seconds with 100% recall.

All Publications by Year
View on Google Scholar
2026
  1. [1] Han Zhang, Xuefeng Liu, Linqiang Qian, Guyue Liu, Tianyu Zhang, Kaiyang Zhao, Yantu Tong, Zeji Xiao, Dongbiao He, Yahui Li, Ke Ruan, Jilong Wang, Yongqing Zhu, Xia Yin. "Providing Efficient and Robust ISP-Centric Intrusion Detection Service with Programmable Switches." ACM SIGCOMM 2026 (to appear)
  2. [2] Yunze Wei, Xingang Shi, Han Zhang*, Tianyu Zhang, Yahui Li, Xia Yin. "GlassMiner: Mining Looking Glass Services via Structure-Semantics Fusion for Web Observability." ACM WWW 2026, pp. 7576–7587. PDF
  3. [3] Junxian Shen, Han Zhang*, Wenxue Lin, Yantao Geng, Jiawei Li, Jilong Wang, Mingwei Xu. "Clover: Workload Verification for Real-Time Detection of Contention-Induced Slowdowns in Serverless Platforms." IEEE/ACM Transactions on Networking, 2026. PDF
  4. [4] Yantao Geng, Han Zhang*, Zhiheng Wu, Yahui Li, Jilong Wang, Xia Yin. "Non-Intrusive Distributed Tracing with Method-Level Delay Estimation for Microservices Troubleshooting." ACM ICSE 2026 (to appear)
  5. [5] Kaiyang Zhao, Han Zhang*, Yao Tong, Yahui Li, Xingang Shi, Zhiliang Wang, Xia Yin, Jianping Wu. "Efficient Slice-Parallel Distributed Probing in SRv6 Networks." IEEE/ACM Transactions on Networking, 2026.
  6. [6] XinZhe Liu, Yahui Li, Han Zhang, Renrui Tian, Xia Yin, Xingang Shi, Zhiliang Wang, Gang Ren, Jilong Wang, Jiangyuan Yao. "Comprehensive Network Configuration Verification via Effective Environment Reduction." IEEE INFOCOM 2026.
  7. [7] Shuhuan Wang, Zhiyu Wang, Hao Sun, Zhi Jiang, Xia Yin, Dongbin Han, Han Zhang, Xingang Shi, Jiahai Yang. "The Evolution of Provenance-Based Intrusion Detection Systems: A Review of Approaches, Limitations, and Future Directions." IEEE Network, 2026. PDF
2025
  1. [1] Tianyu Zhang, Han Zhang*, Yunze Wei, Yahui Li, Xingang Shi, Jilong Wang, Xia Yin. "ACME++: Secure ACME Client Verification for Web-PKI." ACM WWW 2025 PDF
  2. [2] Zhaozhen Wang, Xingang Shi*, Haijun Geng, Han Zhang, Xia Yin, Zhiliang Wang. "On Non-Commutative Routing." IEEE INFOCOM 2025, pp. 420–437.
  3. [3] Weiting Zhang, Jiadong Ren, Tao Zheng, Ruibin Guo, Han Zhang, Shiwen Mao, Hongke Zhang*. "GenNet: Computing-Efficient Generative AI for Deterministic Transmission Scheduling in 6G Networks." IEEE Communications Magazine, vol. 63, no. 8, pp. 48–55, 2025. PDF
  4. [4] Ying Tian, Zhiliang Wang*, Xia Yin, Xingang Shi, Jiahai Yang, Han Zhang*. "Centralized Network Utility Maximization with Accelerated Gradient Method." IEEE Transactions on Networking, 2025. PDF
  5. [5] Yantao Geng, Han Zhang*, Zhiheng Wu, Yahui Li, Jilong Wang, Xia Yin. "Low-Overhead Distributed Application Observation with DeepTrace: Achieving Accurate Tracing in Production Systems." ACM SIGCOMM 2025, pp. 1056–1069. PDF
  6. [6] Han Zhang, Guyue Liu*, Xingang Shi, Yahui Li, Jilong Wang, Yongqing Zhu, Ke Ruan, Jie Liang, Xia Yin. "Achieving High-Speed and Robust Encrypted Traffic Anomaly Detection with Programmable Switches." ACM SIGCOMM 2025, pp. 1254–1256. PDF
  7. [7] Zhiyun Tang, Yahui Li, Xingang Shi, Jilong Wang, Yongqing Zhu, Ke Ruan, Xia Yin, Han Zhang*. "Probabilistic Analysis of Overload-Free Property for Critical Traffic." IEEE/ACM IWQoS 2025, pp. 1–6. PDF
  8. [8] Xingang Shi, Zitong Jin*, Bin Xiong, Xinyao Huang, Xiaotian Xi, Dan Li, Han Zhang, Zhiliang Wang, Xia Yin. "HELA: Inferring AS Relationships with a Hybrid of Empirical and Learning Algorithms." IEEE Transactions on Networking, 2025. PDF
  9. [9] Kaiyang Zhao, Han Zhang*, Yao Tong, Yahui Li, Xingang Shi, Zhiliang Wang, Xia Yin, Jianping Wu. "SRmesh: Deterministic and Efficient Diagnosis of Latency Bottleneck Links in SRv6 Networks." IEEE ICNP 2025, pp. 1–12. PDF
  10. [10] Su Wang, Hongbin Sun, Zhiliang Wang, Tao Zhou, Xia Yin, Dongqi Han, Han Zhang, Xingang Shi, Jiahai Yang. "End-to-end Attack Scene Reconstruction in a Host with Rules and Anomaly-based Detection Models." IEEE TIFS. PDF
  11. [11] Yanxu Fu, Pei Zhang*, Han Zhang, Xiaohong Huang, Kun Xie, Dandan Li. "BGPFlow: Flow-based Feature Extraction for BGP Anomaly Detection." SIGCOMM NGNO Workshop 2025, pp. 13–20. PDF
  12. [12] XinZhe Liu, Yahui Li*, Han Zhang, Xia Yin, Xingang Shi, Zhiliang Wang, Gang Ren, Jilong Wang, Jiangyuan Yao. "Scalable and Interpretable Overlay Network Checking via Ensemble Verification." ACM CoNEXT 2025. PDF
  13. [13] Renrui Tian, Yahui Li*, Han Zhang, XinZhe Liu, Xia Yin, Xingang Shi, Zhiliang Wang, Jilong Wang. "Poster: ERIS: Evaluating ROV via ICMPv6 Rate Limiting Side Channels." ACM CCS 2025. PDF
2024
  1. [1] Yi Qiao, Han Zhang*, Jilong Wang. "NNetFEC: In-network FEC Encoding Acceleration for Latency-sensitive Multimedia Applications." IEEE INFOCOM 2024, pp. 420–437. PDF
  2. [2] Xinzhe Liu, Yahui Li*, Han Zhang, Xia Yin, Xingang Shi, Zhiliang Wang, Gang Ren, Jiangyuan Yao. "Poster: Scalable and Interpretable Multilayer Overlay Network Checking via Ensemble Verification." ACM SIGCOMM 2024 (Posters & Demos). PDF
  3. [3] Yahui Li, Han Zhang*, Jilong Wang, Xingang Shi, Xia Yin, Zhiliang Wang, Jiankun Hu, Congcong Miao, Jianping Wu. "Proactively Verifying Quantitative Network Policy across Unsafe and Unreliable Environments." IEEE TIFS, vol. 19, pp. 10099–10113, 2024. PDF
  4. [4] Weihan Chen, Zhiliang Wang*, Han Zhang, Xia Yin, Xingang Shi. "Cost-efficient flow migration for SFC dynamical scheduling in geo-distributed clouds." Computer Networks, vol. 249, July 2024. PDF
  5. [5] Jun He, Yahui Li*, Han Zhang*, Changqing An, Jilong Wang. "ROV-GD: Improving the Measurement of ROV Deployment Using Graph Difference." IEEE ISCC 2024, pp. 1–7.
  6. [6] Kunling He, Fenghua Li, Jessie Hui Wang, Han Zhang, Yiren Zhao. "AB-TCAD: An Access Behavior-Based Two-Stage Compromised Account Detection Framework." IFIP Networking 2024, pp. 104–112.
2023
  1. [1] Junxian Shen, Han Zhang*, Yang Xiang, Xingang Shi, Xinrui Li, Yunxi Shen, Zijian Zhang, et al. "Network-centric distributed tracing with DeepFlow: Troubleshooting your microservices in zero code." ACM SIGCOMM 2023, pp. 420–437. PDF
  2. [2] Ming Wang, Yahui Li, Han Zhang, Anlun Hong, Jun He, Jilong Wang. "Knocking Cells: Latency-Based Identification of IPv6 Cellular Addresses on the Internet." IEEE ISCC 2023. PDF
  3. [3] Jiawei Li, Han Zhang*, Jilong Wang. "PUVAR: Minimize Idle Resource SLO Violations by Uncertainty-Aware Scheduling in Cloud Platforms." IEEE ICWS 2023. PDF
  4. [4] Yantao Geng, Han Zhang*, Jilong Wang. "Delay Based Congestion Control for Cross-Datacenter Networks." IEEE/ACM IWQoS 2023. PDF
  5. [5] Allen Hong, Yahui Li*, Han Zhang*, Ming Wang, Changqing An, Jilong Wang. "A cheap and accurate delay-based IP Geolocation method using Machine Learning and Looking Glass." IFIP Networking 2023. PDF
  6. [6] Jun He, Yahui Li*, Han Zhang*, Ming Wang, Changqing An, Jilong Wang. "Be Careful of Your Neighbors: Injected Sub-Prefix Hijacking Invisible to Public Monitors." IEEE ICC 2023.
  7. [7] Shuanghong Yu, Fenghua Li*, Han Zhang, Kunling He, Xingkun Yao. "GapReplay: A High-Accuracy Packet Replayer." IEEE ICC 2023. PDF
  8. [8] Heng Yu, Han Zhang*, Junxian Shen, Yantao Geng, et al. "Serpens: A High-Performance FaaS Platform for Network Functions." IEEE TPDS, vol. 34, no. 8, pp. 2448–2463, Aug. 2023. PDF
  9. [9] Pei Zhang, Fangzhou He, Han Zhang*, Jiankun Hu, et al. "Real-Time Malicious Traffic Detection With Online Isolation Forest Over SD-WAN." IEEE TIFS, vol. 18, pp. 2076–2090, 2023. PDF
  10. [10] Tianbo Wang, Huacheng Li, Chunhe Xia*, Han Zhang, Pei Zhang. "From the Dialectical Perspective: Modeling and Exploiting of Hybrid Worm Propagation." IEEE TIFS, vol. 18, pp. 1610–1624, 2023. PDF
  11. [11] Yahui Li, Han Zhang*, Jilong Wang, Xia Yin, Xingang Shi, Jianping Wu. "A General Approach to Generate Test Packets With Network Configurations." IEEE TPDS, vol. 34, no. 4, pp. 1362–1375, Apr. 2023. PDF
2022
  1. [1] Yi Qiao, Menghao Zhang, Yu Zhou, Xiao Kong, Han Zhang*, et al. "NetEC: Accelerating Erasure Coding Reconstruction With In-Network Aggregation." IEEE TPDS, vol. 33, no. 10, pp. 2571–2583, Oct. 2022. PDF
  2. [2] Su Wang, Zhiliang Wang*, Tao Zhou, Hongbin Sun, Xia Yin, Dongqi Han, Han Zhang, et al. "THREATRACE: Detecting and Tracing Host-Based Threats in Node Level Through Provenance Graph Learning." IEEE TIFS, vol. 17, pp. 3972–3987, 2022. PDF
  3. [3] Han Zhang, Xia Yin, Xingang Shi*, Jilong Wang, Zhiliang Wang, Yingya Guo, Tian Lan, Yahui Li, Yongqing Zhu, Ke Ruan, Haijun Geng. "Achieving High Availability in Inter-DC WAN Traffic Engineering." IEEE/ACM Transactions on Networking, 2022. PDF
  4. [4] Zongyi Zhao, Xingang Shi*, Zhiliang Wang, Qi Li, Han Zhang, Xia Yin. "Efficient and Accurate Flow Record Collection With HashFlow." IEEE TPDS, vol. 33, no. 5, pp. 1069–1083, May 2022. PDF
  5. [5] Shangbin Han, Qianhong Wu, Han Zhang, Bo Qin, Jiangyuan Yao, Willy Susilo. "Autoperman: Automatic Network Traffic Anomaly Detection with Ensemble Learning." ICAIS 2022. PDF
  6. [6] Junxian Shen, Han Zhang*, Yantao Geng, Jiawei Li, Jilong Wang, Mingwei Xu. "Gringotts: Fast and Accurate Internal Denial-of-Wallet Detection for Serverless Computing." ACM CCS 2022, pp. 2627–2641. PDF
  7. [7] Dongqi Han, Zhiliang Wang*, Wenqi Chen, Kai Wang, Rui Yu, Su Wang, Han Zhang, et al. "Anomaly Detection in the Open World: Normality Shift Detection, Explanation, and Adaptation." NDSS 2022. PDF
  8. [8] Heng Yu, Junxian Shen, Han Zhang*, Jilong Wang, Congcong Miao, Mingwei Xu. "Scorpius: Proactive Code Preparation to Accelerate Function Startup." IEEE/ACM IWQoS 2022. PDF
  9. [9] Yongkang Chen, Ming Zhang*, Jin Li, Xiaohui Kuang, Xurong Zhang, Han Zhang. "Dynamic and Diverse Transformations for Defending Against Adversarial Examples." IEEE TrustCom 2022. PDF
  10. [10] Ying Tian, Zhiliang Wang*, Xia Yin, Xingang Shi, Jiahai Yang, Han Zhang. "Centralized Network Utility Maximization with Accelerated Gradient Method." IEEE ICNP 2022. PDF
  11. [11] Shangbin Han, Qianhong Wu, Han Zhang*, Bo Qin. "Light-weight Unsupervised Anomaly Detection for Encrypted Malware Traffic." IEEE DSC 2022. PDF
2021
  1. [1] Han Zhang, Xingang Shi*, Xia Yin, Jilong Wang, Zhiliang Wang, Yingya Guo, Tian Lan. "Boosting bandwidth availability over inter-DC WAN." ACM CoNEXT 2021. PDF
  2. [2] Dongqi Han, Zhiliang Wang*, Wenqi Chen, Ying Zhong, Su Wang, Han Zhang, Jiahai Yang, Xingang Shi, Xia Yin. "DeepAID: Interpreting and Improving Deep Learning-based Anomaly Detection in Security Applications." ACM CCS 2021. PDF
  3. [3] Weihan Chen, Zhiliang Wang*, Han Zhang, Xia Yin, Xingang Shi. "Cost-Efficient Dynamic Service Function Chain Embedding in Edge Clouds." IEEE CNSM 2021. PDF
  4. [4] Ying Tian, Zhiliang Wang*, Xia Yin, Xingang Shi, Jiahai Yang, Han Zhang, Yingya Guo, et al. "Traffic Engineering with Segment Routing Considering Probabilistic Failures." IEEE CNSM 2021. PDF
  5. [5] Yingya Guo, Weipeng Wang, Han Zhang, Wenzhong Guo, Zhiliang Wang, Ying Tian, et al. "Traffic Engineering in Hybrid Software Defined Network via Reinforcement Learning." JNCA, vol. 189, 2021. PDF
  6. [6] Shangbin Han, Qianhong Wu, Han Zhang*, Bo Qin, Jiankun Hu, et al. "Log-Based Anomaly Detection With Robust Feature Extraction and Online Learning." IEEE TIFS, vol. 16, pp. 2300–2311, 2021. PDF
  7. [7] Haijun Geng, Han Zhang*, Yangyang Zhang. "Efficient Routing Protection Algorithm in Large-Scale Networks." CMC, vol. 66, no. 3, p. 1733, 2021. PDF
2020
  1. [1] Weihan Chen, Zhiliang Wang, Han Zhang, Xia Yin, Xingang Shi, Lei Sun. "Joint Optimization of Service Function Chain Elastic Scaling and Routing." IEEE INFOCOM Workshops 2020. PDF
  2. [2] Yahui Li, Zhiliang Wang*, Xia Yin, Xingang Shi, Jianping Wu, Fangdan Ye, Jiangyuan Yao, Han Zhang. "Assisting reachability verification of network configurations updates with NUV." Computer Networks, vol. 177, 2020. PDF
  3. [3] Haijun Geng, Han Zhang, Xingang Shi*, Zhiliang Wang, Xia Yin. "Efficient computation of loop-free alternates." JNCA, vol. 151, 2020. PDF
  4. [4] Haijun Geng, Han Zhang, Xingang Shi*, et al. "A hybrid link protection scheme for ensuring network service availability in link-state routing networks." JCN, vol. 22, no. 1, pp. 46–60, 2020. PDF
2019
  1. [1] Han Zhang, Haijun Geng, Yahui Li, et al. "DA&FD – Deadline-Aware and Flow Duration-Based Rate Control for Mixed Flows in DCNs." IEEE/ACM ToN, vol. 27, no. 6, pp. 2458–2471, 2019. PDF
  2. [2] Yingya Guo, Zhiliang Wang*, Han Zhang, Xia Yin, Xingang Shi, Jianping Wu. "Joint optimization of tasks placement and routing to minimize Coflow Completion Time." JNCA, vol. 135, 2019. PDF
  3. [3] Yahui Li, Zhiliang Wang*, Jiangyuan Yao, Xia Yin, Xingang Shi, Jianping Wu, Han Zhang. "MSAID: Automated detection of interference in multiple SDN applications." Computer Networks, vol. 153, 2019. PDF
  4. [4] Zhiliang Wang, Han Zhang*, Xingang Shi, et al. "Efficient Scheduling of Weighted Coflows in Data Centers." IEEE TPDS, vol. 30, no. 9, pp. 2003–2017, 2019. PDF
  5. [5] Yahui Li, Xia Yin, Zhiliang Wang*, Jiangyuan Yang, Xingang Shi, Jianping Wu, Han Zhang, et al. "A Survey on Network Verification and Testing With Formal Methods: Approaches and Challenges." IEEE COMST, vol. 21, no. 1, pp. 940–969, 2019. PDF
2018 and before
  1. [1] Zhifeng Liu, Xia Yin, Zhiliang Wang, Xingang Shi, Yiqiang Hua, Xiaohong Huang, Liang Wei, Jiangyuan Yao, Han Zhang, et al. "Design and construction of hierarchical and cross-regional SDN verification and demonstration system." Telecommunications Science, 2018. PDF
  2. [2] Han Zhang, Xingang Shi, Yingya Guo, Haijun Geng, Zhiliang Wang, Xia Yin. "Joint source selection and transfer optimization for erasure coding storage system." IEEE IPCCC 2017. PDF
  3. [3] Han Zhang, Xingang Shi*, Xia Yin, Zhiliang Wang. "Yosemite: Efficient scheduling of weighted coflows in data centers." IEEE ICNP 2017. PDF
  4. [4] Han Zhang, Xingang Shi, Xia Yin, Zhiliang Wang, Yingya Guo. "FDRC – Flow duration time based rate control in data center networks." IEEE/ACM IWQoS 2016.
  5. [5] Zongyi Zhao, Qi Li, Mingwei Xu, Xingang Shi, Han Zhang. "Reduce completion time and guarantee throughput by transport with slight congestion." IEEE ICC 2016. PDF
  6. [6] Xiao Ma, Chuang Lin, Han Zhang*, Jianwei Liu. "Energy-Aware Computation Offloading of IoT Sensors in Cloudlet-Based Mobile Edge Computing." Sensors, 2018. PDF
  7. [7] M. Gharaibeh, Han Zhang, C. Papadopoulos, J. Heidemann. "Assessing co-locality of IP blocks." IEEE INFOCOM Workshops 2016. PDF
  8. [8] Yingya Guo, Zhiliang Wang, Xia Yin, Xingang Shi, Jianping Wu, Han Zhang. "Incremental deployment for traffic engineering in hybrid SDN network." IEEE IPCCC 2015.
  9. [9] Haijun Geng, Xingang Shi, Xia Yin, Zhiliang Wang, Han Zhang. "Algebra and algorithms for efficient and correct multipath QoS routing in link state networks." IEEE/ACM IWQoS 2015. PDF
  10. [10] Haijun Geng, Xia Shi, Xia Yin, Zhiliang Wang, Han Zhang. "An efficient link protection scheme for link-state routing networks." IEEE ICC 2015. PDF
  11. [11] Han Zhang, Xingang Shi, Xia Yin, Fengyuan Ren, Zhiliang Wang. "More load, more differentiation — A design principle for deadline-aware congestion control." IEEE INFOCOM 2015. PDF
  12. [12] Han Zhang, C. Papadopoulos. "BotTalker: Generating encrypted, customizable C&C traces." IEEE HST 2015. PDF
  13. [13] Haijun Geng, Xia Shi, Xingang Yin, Zhiliang Wang, Han Zhang, Jiangyuan Yao. "A hybrid link protection scheme for link-state routing networks." IEEE IPCCC 2014. PDF
  14. [14] Haijun Geng, Xingang Shi, Xia Yin, Zhiliang Wang, Han Zhang, Jiangyuan Yao. "Let more nodes have a second choice." IEEE IPCCC 2014. PDF
  15. [15] Han Zhang, Xingang Shi*, Yingya Guo, Zhiliang Wang, Xia Yin. "More load, more differentiation — Let more flows finish before deadline in data center networks." Computer Networks, vol. 127, 2017. PDF

Patents

Network Measurement and Security (网络测量与安全)  — 27 items
  1. 张晗, 钱林强, 李卓, 刘雪枫. 基于频域增强与单类自适应学习的加密流量异常检测技术.
  2. 张晗, 武志衡, 耿彦涛. 基于内核态与用户态双路径协议特征解析的分布式请求追踪方法.
  3. 张晗, 武志衡, 耿彦涛. 基于本地异常感知的元数据驱动型分布式请求追踪方法.
  4. 张晗, 李卓, 武志衡, 钱林强. 基于多层协议解析和智能分析的网络流量处理系统.
  5. 张晗, 李卓, 钱林强, 刘雪枫. 面向 SD-WAN 的基于 AE-DQN 的双阶段自适应异常流量检测系统.
  6. 张晗, 张天宇. 深度学习恶意流量检测的预训练数据源审计方法.
  7. 张晗, 张天宇. 基于适应性分割熵的网络在线异常检测方法.
  8. 张晗, 张天宇. 基于频域增强与单类自适应学习的加密流量异常检测技术.
  9. 张晗, 钱林强, 李卓. 基于可编程交换机的高速加密流量双平面特征提取技术.
  10. 张晗, 张天宇, 李亚慧, 施新刚, 尹霞. 一种安全检测方法、装置、存储介质和计算机设备.
  11. 张晗, 耿彦涛, 武志衡. 微服务的追踪方法、装置、设备及存储介质.
  12. 张晗, 耿彦涛, 李卓, 王继龙, 李亚慧, 尹霞. 异常流量的检测方法、装置和可编程交换机.
  13. 张晗, 沈俊贤, 王继龙, 李亚慧, 张千里. 在线微服务应用的监控方法、系统、设备、产品及介质.
  14. 张晗, 李嘉睿, 王继龙, 尹霞, 施新刚, 安常青. 流量入侵检测方法、装置、设备、存储介质和程序产品.
  15. 张晗, 肖泽基, 王继龙, 李亚慧. 网络流量包头轨迹合成方法、装置、服务器及存储介质.
  16. 张晗, 赵铠阳, 施新刚, 尹霞, 吴建平. 服务等级目标违规诊断方法、装置、设备及介质.
  17. 张晗, 汤之韫, 李亚慧. 网络中链路可用性评估方法和装置、电子设备与存储介质.
  18. 张晗, 耿彦涛, 施新刚, 王继龙, 尹霞. 基于远程带内遥测和时延的流量调度方法和装置.
  19. 张晗, 尹霞, 施新刚, 王继龙, 王之梁. 在线检测网络流量的方法及系统.
  20. 张晗, 洪安伦, 王继龙, 李亚慧, 安常青, 王明, 何俊. 基于主动时延探测的 IP 地理定位方法及装置.
  21. 王之梁, 韩东岐, 陈闻起, 钟莹, 王苏, 张晗, 等. 在线反馈的知识蒸馏方法和装置.
  22. 王之梁, 韩东岐, 陈闻起, 钟莹, 王苏, 张晗, 等. 面向网络安全异常检测中深度学习模型的解释方法.
  23. 王之梁, 韩东岐, 金明辉, 陈闻起, 王凯, 蔚睿, 王苏, 张晗, 等. 网络安全异常检测中深度学习模型的更新方法与装置.
  24. 王继龙, 李嘉睿, 张晗, 安常青. 基于网络空间地图的网络异常检测方法及装置.
  25. 施新刚, 赵宗义, 尹霞, 张晗, 王之梁. 一种丢包检测方法及装置、存储介质.
  26. 施新刚, 奚枭天, 赵宗义, 尹霞, 王之梁, 张晗. 一种网络异常流量检测方法和装置.
  27. 王继龙, 王明, 李亚慧, 王会, 张晗, 洪安伦, 何俊. 基于时延的 IPv6 地址信用风险检测方法及装置.
AI for Network (网络智能)  — 19 items
  1. 张晗, 佟瑶, 童彦图, 彭可心, 高杨宸严, 尹霞. 一种面向网络快速重路由的完美路由树构建方法.
  2. 张晗, 赵铠阳, 尹霞, 吴建平. 面向跨域分段路由的可信验证方法技术.
  3. 张晗, 童彦图, 赵铠阳, 高杨宸严, 佟瑶, 彭可心. 面向跨域训练流量的相位感知路由算法.
  4. 张晗, 张天宇, 卫蕴泽, 李亚慧, 施新刚, 尹霞. 基于 ACME 协议的安全验证方法、系统及相关装置.
  5. 张晗, 尹霞, 施新刚, 王之梁, 王继龙. 网络资源管理方法及相关设备.
  6. 张晗, 刘雪枫, 王继龙, 李亚慧, 尹霞. 路由中断检测方法、装置、设备及存储介质.
  7. 张晗, 王继龙, 沈俊贤. 资源管理系统.
  8. 张晗, 赵铠阳, 尹霞, 吴建平. 基于带内网络遥测的 OSPF 路由异常检测方法技术.
  9. 张晗, 卫蕴泽, 施新刚, 李亚慧, 尹霞. 互联网测量服务挖掘方法、装置和存储介质.
  10. 张晗, 卫蕴泽, 尹霞, 李亚慧, 施新刚. 互联网路由器地理定位方法、装置和存储介质.
  11. 张晗, 李卓, 王继龙, 李亚慧, 尹霞. 面向互联网服务提供商的加密多媒体流量分类方法及装置.
  12. 王继龙, 王明, 李亚慧, 王会, 张晗, 洪安伦, 何俊. 基于时延的 IPv6 地址信用风险检测方法及装置.
  13. 李亚慧, 刘鑫喆, 张晗, 尹霞, 施新刚, 王之梁, 任罡. 基于混合符号化的路由配置验证方法.
  14. 李亚慧, 刘鑫喆, 张晗, 尹霞, 施新刚, 王之梁, 任罡. 基于大语言模型的路由配置互译方法.
  15. 李亚慧, 刘鑫喆, 张晗, 尹霞, 施新刚, 王之梁, 任罡. 基于互联网路由配置的测试数据包生成方法.
  16. 王之梁, 陈蔚瀚, 张晗, 尹霞, 施新刚. 服务链部署处理的方法、装置、计算机存储介质及终端.
  17. 王之梁, 陈蔚瀚, 张晗, 尹霞, 施新刚. 基于服务链的流量迁移方法、装置、电子设备及存储介质.
  18. 王之梁, 陈蔚瀚, 张晗, 尹霞, 施新刚. 基于流量迁移的模型训练方法、装置、设备及介质.
  19. 王之梁, 田莹, 尹霞, 施新刚, 杨家海, 张晗. 分段路由网络中考虑故障的流量工程计算方法和装置.

Key Projects

Academic Service

Selected Awards & Honors

InternationalRecognition by international research communities
NationalNational-level science & technology awards
CommunityPeer-recognized rising-star & researcher awards
ServiceRecognition for academic service & reviewing

Teaching

Students

Current Students

Kaiyang ZhaoPh.D., Y5 · co-advised w/ Prof. Xia Yin & Prof. Jianping Wu
Chenyan GaoyangPh.D., Y4 · co-advised w/ Prof. Youjian Zhao
Yantao GengPh.D., Y4
Xuefeng LiuPh.D., Y3
Zeji XiaoPh.D., Y3 · co-advised w/ Prof. Jilong Wang
Zhuo LiMaster, Y3
Boyang WangPh.D., Y2 · co-advised w/ Prof. Xia Yin
Hanyang LinMaster, Y2
Zhiheng WuMaster, Y2
Yantu TongPh.D., Y1
Linqiang QianMaster, Y1
Yao TongMaster, Y1 · co-advised w/ Prof. Xia Yin
Kexin PengMaster, Y1 · co-advised w/ Prof. Youjian Zhao

Alumni

Zhiyun TangMaster → Huawei Technologies
Junxian ShenPh.D. → South China University of Technology
Jiarui LiMaster → Alibaba Cloud
Heng YuPh.D. → Zhongguancun Laboratory
Yi QiaoPh.D. → China Academy of Space Technology
Shangbin HanPh.D. → Quan Cheng Laboratory