Liwen Xu

About me

Hey! I am Liwen Xu, a second year PhD student in Computer Science at the ETH Zürich , and a member of the Network Security (Netsec) Group, where I was fortunate to be supervised by Prof. Adrian Perrig and advised by Prof. Huayi Duan. Previously, I obtained my master's degree from the Institute of Cyber Science and Technology at Shanghai Jiao Tong University (SJTU) and bachelor's degree from School of Cyber Engineering, Xidian University (XDU).

I am currently working on multiple projects related to DNS Security and have a wide range of interests in Compter Networks, SCION and interdisciplinary areas with AI. Previously I was focusing on Threat Discovery and Correlation, Situational Awareness and Threat Intelligence.

My resume (Last update: April, 2024) can be found here. Please feel free to contact me if you wish more information.

Education

Ph.D., ETH Zürich (ETHz), Zürich, Switzerland (Aug 2024 - Present)

Major: Computer Science
Supervisor: Prof. Adrian Perrig
Advisor: Prof. Huayi Duan
Group: Network Security (Netsec) Group

M.Eng., Shanghai Jiao Tong University (SJTU, Project 985), Shanghai, China (Sep 2021 - Mar 2024)

Major: Cyberspace Security (Exam-exempted)
Supervisor: Prof. Jianhua Li, Institute of Cyber Science and Technology
Laboratory: National Engineering Research Center for Information Content Analysis Technology (NERCICAT)
Dissertation: Research on Cyber Security Threat Sensing and Intelligence Endogenization Based on Multi-source Heterogeneous Data
GPA: 3.7/4.0

B.Eng., Xidian University (XDU, Project 211), Xi’an, Shaanxi, China (Sep 2017 - Jun 2021)

Major: Cyberspace Security (Experimental Class)
Supervisor: Associate Prof. Ning Zhang and Prof. Hui Li, School of Cyber Engineering
Dissertation: A Real-time Intelligent Detection System for Malicious Network Traffic Based on Deep Learning (Outstanding Thesis Award)
GPA: 3.9/4.0 (Ranking: 1/40)

Selected Honors and Awards

Postgraduate Academic Scholarship of SJTU, 2023
Postgraduate Academic Scholarship of SJTU, 2022
The First Prize Scholarship of SJTU (Top 10% got the awards), 2021
Outstanding Graduate of Shaanxi (Top 1% got the awards), 2021
Outstanding Graduate of Xidian University (Top 1% got the awards), 2021
Outstanding Thesis Award of Xidian University (Top 1% got the awards, Advised by Prof. Ning Zhang), 2021
Special Prize of National Cryptography Technology Competition (Top 1 got the awards), 2019
National Scholarship, China (Top 1% got the awards), 2019
National Scholarship, China (Top 1% got the awards), 2018

Internship

CIS (Cybersecurity Intelligence System) Development, Huawei Technologies Co., Ltd. (Jun 2019 – Aug 2019)

Position: Intern, Security Intelligence Development Department
Project Focus: Addressing data consistency challenges in Huawei's Security Situation Awareness Platform due to non-idempotent data transactions in a Hadoop environment influenced by RPC characteristics and network issues.
Key Responsibilities: Conducted a thorough analysis of data duplication issues during Kafka data consumption by HDFS through Flume and assessed the impact on system reliability.
Solution Proposed: Devised a strategy incorporating Redis caching to mitigate data duplication by checking the uniqueness of data prior to processing, thus enforcing data consistency.
Outcomes: The implementation of the Redis-based solution effectively reduced the occurrence of redundant data, enhancing the accuracy of the platform's offline analytical processes.

Security Component Adaptation Based on SM Algorithm, Hikvision Digital Technology Co., Ltd. (Jun 2020 – Aug 2020)

Position: Intern, Cybersecurity Department
Project Focus: Enhancing the support for Chinese National Standard (GuoMi) cryptographic algorithms in OpenSSL version 1.1.1d/g, both in direct and EVP (Envelope) modes.
Key Responsibilities: Added GuoMi algorithm support to OpenSSL, collaborated with the department's cryptographic engine team, and performed performance testing on Hisilicon and Intel x64 platforms.
Solution Proposed: Developed and executed performance testing for cryptographic cards from Tsinghua University and Suzhou Guoxin, and created automation scripts for OpenSSL and mbedTLS, enhancing deployment and testing efficiency.
Outcomes: The enhancements made to OpenSSL and the Nginx server significantly raised the performance and security standards, meeting the project's objectives and contributing to Hikvision's cryptographic infrastructure.

Publications and Invited Talks

HiSec: Towards Cyber Threat Correlation and Discovery Based on Hierarchical Graph Neural Networks

Liwen Xu¹, Xiang Lin¹, Jianhua Li¹, Bai Min², Liejun Wang²
The 22nd IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom-2023)

¹Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China

²Qianxin Threat Intelligence Center, Qianxin Technology Group Co., LTD, Beijing 100000, China

Cloud Asset Security Analysis based on Hierarchical Graph Neural Network

ZHANG Yilian¹, ZHOU Diqing¹, XU Liwen², YE Tianpeng², LIN Xiang²
Journal of Cyber Security, China

¹State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China

²Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China

Personalized Lightweight Distributed Network Intrusion Detection System in Fog Computing

YE Tianpeng¹, LIN Xiang¹, LI Jianhua¹, ZHANG Xuankai¹, XU Liwen¹
Chinese Journal of Network and Information Security

¹Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China

(Talk) Localized Intelligence Production and Threat Discovery Based on Unknown Cyberattacks Discovery Using Endogenous Data

Liwen Xu
The Wuhan Cybersecurity Innovation Forum, 2023, China

Patents

Graph Modeling Method for Security Semantics of Critical Information Infrastructure (Under Review)

Author: XU Liwen, BAI Min¹, WANG Liejun¹
Application No.: 202311433049.1

APT Detection Method Based on Hierarchical Graph Neural Network with Spatio-temporal Feature Fusion (Under Review)

Author: XU Liwen, BAI Min¹, WANG Liejun¹
Application No.: 202311517251.2

¹Threat Intelligence Center, QI-ANXIN Technology Group Inc., Beijing 100000, China

Anomaly Detection Method for Cloud Security Based on Graph Neural Network (Under Review)

Author: ZHANG Yilian¹, LIN Xiang², XU Liwen², YE Tianpeng²
Application No.: 202210956849.0

Compression Method of Deep Learning Model for Network Intrusion Detection (Under Review)

Author: ZHANG Yilian¹, LIN Xiang², YE Tianpeng², XU Liwen²
Application No.: 202210956842.9

¹State Grid Shanghai Municipal Electric Power Company, Shanghai 200122, China

²Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China

Research Projects

DaLens (DNS Self-amplification Lens)

rProfiler (DNS Resolver Profiler)

Localized Intelligence Production and Threat Discovery Based on Network Endogenous Data (Sep 2022 - Oct 2023)

Consigner: QI-ANXIN Technology Group Inc.
Funding: National Student Innovation Funding Joint Research Program
Dynamic Graph Modeling: Innovated a dynamic graph model for complex networks using multi-source data, significantly enhancing real-time attack detection and reducing computational overhead.
Hierarchical Neural Network for Threat Correlation and Discovery: Created HiSec, a cutting-edge hierarchical neural network framework, improving the detection of advanced cyber threats and enriching threat intelligence.
Attack Graph-Based Threat Intelligence: Formulated the Ag2Intel model to transform attack graphs into actionable threat intelligence, elevating the accuracy and readability of security insights.

RISC-V Processor Core for Chinese National Cryptographic Algorithm (May 2019 - Nov 2019)

Project Overview: Achieved top honors for designing a RISC-V processor tailored to Chinese National Cryptographic Standards, specifically focusing on the structural features of the SM3 and SM4 algorithms.
Research and Development: Conducted in-depth research into the SM3 and SM4 algorithms to identify critical areas for acceleration. Designed custom acceleration instructions within the RISC-V instruction set architecture.
Impact: The enhanced Xcore processor facilitated accelerated cryptographic instruction execution and improved instruction speedup ratio and algorithm throughput without additional hardware investment.

Teaching

252-0064-00L Computer Networks, (Spring 2025)

Teaching Assistant, D-INFK, ETH Zürich

263-4640-00L Network Security, (Autumn 2024/2025.)

Teaching Assistant, D-INFK, ETH Zürich

IS412 Theory and Application of Content Security, (Sep 2021 – Jun 2023)

Teaching Assistant, Shanghai Jiao Tong University

Supervision

Senne Mark Z Van den Broeck. Detecting and Mitigating DNS Message Amplification Attacks. Master's thesis, ETH Zürich, March 2025

Advisors: Dr. Huayi Duan, Liwen Xu, Prof. Mathias Payer, Dr. Bernhard Tellenbach and Prof. Adrian Perrig.

Marko Lisicic. A First Look at DNS Cache Exhaustion. Master's thesis, ETH Zürich, March 2025

Advisors: Dr. Huayi Duan, Liwen Xu, and Prof. Adrian Perrig.

Xuhao Wan. Research on Cybersecurity Threat Intelligence Model Design and Parsing and Cleaning Techniques. Bachelor's thesis (A+), SJTU, June 2023

Advisors: Prof. Jianhua Li, Liwen Xu.

Tong Guo. Cryptocurrency Mining Behavior Detection Based on Deep Learning and Multidimensional Feature Recognition. Bachelor's thesis, SJTU, June 2023

Advisors: Dr. Xiang Lin, Liwen Xu.

Academic Services

Reviewer

USENIX Symposium on Networked Systems Design and Implementation (NSDI 2026, External)
IEEE/ACM International Symposium on Quality of Service (IWQoS 2025, External)
Asia-Pacific Workshop on Networking (APNet 2025, External)

Artifact Reviewer

IEEE Symposium on Security and Privacy (IEEE S&P 2026, Artifact Evaluation Committee)
USENIX Security Symposium (USENIX Security 2025, External)

Submission System Administrator

The 33rd IEEE International Conference on Network Protocols (ICNP 2025)

Photos

All
Internships
Competitions
Services
Overseas
Talks