I'm Yu Liu.

Ph.D student of Computer Science at WPI



Welcome to my page. I'm Yu, a second year Ph.D student at WPI. My major research interest lies in Cybersecurity. Though internet is already one of the most important basic infrastructure of the world, it keeps growing up and will reach to the status that all physical instances are connected. (Internet Of Things). Attackers will have more resources and targets, and get more benefits from malicious activities. Network complexity will also impede defense. Therefore, creating a cosy internet environment for people, by removing their concerns about privacy and security, will become extremely important.


Zhengzhou University (China), Bachelor, Communication Engineer, 2011.8-2015.6

University of Delaware, Master, Electrical & Computer Engineer, 2015.8-2017.6

Worcester Polytech Institute, Ph.D, advised by Dr. Craig Shue, Computer Science, 2017.6-today

Research Interest & Activities

Cybersecurity: Residential network security (IOT Security)

SDN (Software Defined Network)

Computer Network

Operating System

ALAS Lab(Applied Logic and Security)


Research Assistant at University of Delaware

Time: Jun 2016 - Feb 2017

Advisor: Andrew Novocin

Role: Team leader

Topic: Embed fingerprint recognition into ATM machines.

Research Assistant at WPI

Time: June 2017 - Aug 2017

Advisor: Craig Shue

Role: Individual Researcher

Topic: Residential SDN network

Teaching Assistant at WPI

Time: Aug 2017 - May 2018

Courses: Operating System, Computer Network, Software Security Engineer

Work: Grading and answering questions from undergraduate students.

Research Assistant at WPI

Time: May 2018 - Current

Advisor: Craig Shue


1. Yu Liu, Curtis R. Taylor, Craig A. Shue, "Authenticating Endpoints and Vetting Connections in Residential Networks," IEEE ICNC Workshop on Computing, Networking and Communications (CNC), 2019.

[Abstract][Full Paper]

The security of residential networks can vary greatly. These networks are often administrated by end-users who may lack security expertise or the resources to adequately defend their networks. Insecure residential networks provide attackers with opportunities to infiltrate systems and create a platform for launching powerful attacks. To address these issues, we introduce a new approach that uses software-defined networking (SDN) to allow home users to outsource their security maintenance to a cloud-based service provider. Using this architecture, we show how a novel network-based two-factor authentication approach can be used to protect Internet of Things devices. Our approach works without requiring modifications to end-devices. We further show how security modules can enforce protocol messages to limit the attack surface in vulnerable devices. Our analysis shows that the system is effective and adds less than 50 milliseconds of delay to the start of a connection with less than 100 microseconds of delay for subsequent packets.

2. Yu Liu, Matthew R. Squires, Curtis R. Taylor, Robert J. Walls, Craig A. Shue, "Account Lockouts: Characterizing and Preventing Account Denial-of-Service Attacks," Security and Privacy in Communication Network (SecureComm), 2019.

[Abstract][Full Paper]

To stymie password guessing attacks, many systems lock an account after a given number of failed authentication attempts, preventing access even if proper credentials are later provided. Combined with the proliferation of single sign-on providers, adversaries can use relatively few resources to launch large-scale application-level denial-of-service attacks against targeted user accounts by deliberately providing incorrect credentials across multiple authentication attempts. In this paper, we measure the extent to which this vulnerability exists in production systems. We focus on Microsoft services, which are used in many organizations, to identify exposed authentication points. We measure 2,066 organizations and found between 58% and 77% of organizations expose authentication portals that are vulnerable to account lockout attacks. Such attacks can be completely successful with only 13 KBytes/second of attack traffic. We then propose and evaluate a set of lockout bypass mechanisms for legitimate users. Our performance and security evaluation shows these solutions are effective while introducing little overhead to the network and systems.

On-Going Projects

Distributed Internet Traffic Filtering

User Privacy Behind Carrier-Grade NAT (CGN)

Internet of Things (IoT) device analysis


Email Address: yliu25@wpi.edu

QQ Number: 546271763

Find me on other socials:


Payment Required

$10 please

Kidding you.

There is no connection on this payment page. Besides, if unfortunately you believed me at the first, please always keep in mind to be cautious.