Xinhao Deng  邓欣豪

I am currently an Algorithm Expert at Ant Group and a Postdoctoral Researcher jointly affiliated with Tsinghua University and Ant Group. I received my Ph.D. in June 2025 from the Institute for Network Sciences and Cyberspace at Tsinghua University, advised by Prof. Qi Li, while also benefiting greatly from the mentorship of Profs. Jianping Wu, Ke Xu, and Mingwei Xu.

My research primarily explores the security of LLMs and LLM agents, focusing particularly on attack and defense techniques across the LLM agent lifecycle (e.g., OpenClaw). Additionally, I work on network traffic analysis, with an emphasis on website and traffic fingerprinting for LLM agents. My research has been published in top-tier conferences and journals, including IEEE S&P, ACM CCS, NDSS, KDD, WWW, IEEE INFOCOM, IEEE TIFS, and IEEE/ACM ToN.

Our team is currently recruiting interns and full-time members focusing on agent security. Interested candidates are warmly welcome to reach out. I am also always happy to discuss potential research collaborations. Feel free to contact me at xinhaodeng.thu@gmail.com.

Open Source Projects

  • ClawAegis: A lightweight built-in security plugin for OpenClaw that enforces defense-in-depth runtime protection across the full LLM agent lifecycle — from initialization to execution.
  • AgentWard: A full-stack security operating system for trustworthy AI agent deployment, unifying onboarding, secure reasoning, and trusted execution through a heterogeneous defense-in-depth architecture.
  • WFlib: A PyTorch-based open-source benchmark library implementing 11 state-of-the-art deep learning website fingerprinting attacks on a unified, reproducible framework with multi-dataset support.

Publications

2026
Preprint Xinhao Deng, Yixiang Zhang, Jiaqing Wu, Jiaqi Bai, Sibo Yi, Zhuoheng Zou, Yue Xiao, Rennai Qiu, Jianan Ma, Jialuo Chen, Xiaohu Du, Xiaofang Yang, Shiwen Cui, Changhua Meng, Weiqiang Wang, Jiaxing Song, Ke Xu, Qi Li.
Taming OpenClaw: Security Analysis and Mitigation of Autonomous LLM Agent Threats. PDF
Preprint Xinhao Deng, Jiaqing Wu, Miao Chen, Yue Xiao, Ke Xu, Qi Li.
Automating Agent Hijacking via Structural Template Injection. PDF
ToN'26 Xinhao Deng, Xiyuan Zhao, Qilei Yin, Zhuotao Liu, Qi Li, Mingwei Xu, Ke Xu, Jianping Wu.
Towards Robust Multi-tab Website Fingerprinting. PDF
IEEE/ACM Transactions on Networking, 2026.
ToN'26 Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, Qi Li.
Towards Robust Detection of Malicious Encrypted Traffic Using Only Low-Quality Training Data.
IEEE/ACM Transactions on Networking, 2026.
WWW'26 Xiyuan Zhao, Xinhao Deng, Tianyu Cui, Yixiang Zhang, Ke Xu, Qi Li.
Robust LLM-Based Website Fingerprinting under Dynamic Real-World Conditions.
ACM Web Conference (WWW), 2026.
INFOCOM'26 Yifei Cheng, Yujia Zhu, Baiyang Li, Xinhao Deng, Yitong Cai, Yaochen Ren, Qingyun Liu.
STAR: Semantic-Traffic Alignment and Retrieval for Zero-Shot HTTPS Website Fingerprinting. PDF
IEEE INFOCOM, 2026.
NDSS'26 Xinhao Deng, Yixiang Zhang, Qi Li, Zhuotao Liu, Yabo Wang, Ke Xu.
Enhancing Website Fingerprinting Attacks against Traffic Drift. PDF
Network and Distributed System Security Symposium (NDSS), 2026.

2025
Preprint Yixiang Zhang, Xinhao Deng, Zhongyi Gu, Yihao Chen, Ke Xu, Qi Li, Jianping Wu.
Exposing LLM User Privacy via Traffic Fingerprint Analysis: A Study of Privacy Risks in LLM Agent Interactions. PDF
TST'25 Xinhao Deng, Jingyou Chen, Linxiao Yu, Yixiang Zhang, Zhongyi Gu, Changhao Qiu, Xiyuan Zhao, Ke Xu, Qi Li.
Beyond a Single Perspective: Towards a Realistic Evaluation of Website Fingerprinting Attacks. PDF
Tsinghua Science and Technology (TST), 2025.
CCS'25 Yuqi Qing, Qilei Yin, Xinhao Deng, Xiaoli Zhang, Peiyang Li, Zhuotao Liu, Kun Sun, Ke Xu, Qi Li.
Training Robust Classifiers for Classifying Encrypted Traffic under Dynamic Network Conditions. PDF
ACM CCS, 2025.
WWW'25 Yifei Cheng, Yujia Zhu, Baiyang Li, Peishuai Sun, Yong Ding, Xinhao Deng, Qingyun Liu.
HOLMES & WATSON: A Robust and Lightweight HTTPS Website Fingerprinting through HTTP Version Parallelism. PDF
ACM Web Conference (WWW), 2025.
KDD'25 Li Gao, Chuanpu Fu, Xinhao Deng, Ke Xu, Qi Li.
Wedjat: Detecting Sophisticated Evasion Attacks via Real-time Causal Analysis. PDF
ACM SIGKDD, 2025.

2024
Preprint Tianyu Cui, Yanling Wang, Chuanpu Fu, Yong Xiao, Sijia Li, Xinhao Deng, Yunpeng Liu, Qinglin Zhang, Ziyi Qiu, Peiyang Li, Zhixing Tan, Junwu Xiong, Xinyu Kong, Zujie Wen, Ke Xu, Qi Li.
Risk Taxonomy, Mitigation, and Assessment Benchmarks of Large Language Model Systems. PDF
CCS'24 Xinhao Deng, Qi Li, Ke Xu.
Robust and Reliable Early-Stage Website Fingerprinting Attacks via Spatial-Temporal Distribution Analysis. PDF · Code
ACM CCS, 2024.
Artifact Evaluation: 🏅 Available · 🏅 Reusable · 🏅 Reproduced
CCS'24 Xiyuan Zhao*, Xinhao Deng* (Equal Contribution), Qi Li, Yunpeng Liu, Zhuotao Liu, Kun Sun, Ke Xu.
Towards Fine-Grained Webpage Fingerprinting at Scale. PDF · Code
ACM CCS, 2024.
Artifact Evaluation: 🏅 Available · 🏅 Functional · 🏅 Reproduced
TNSM'24 Xinhao Deng, Mingwei Xu, Qi Li, Weijie Wu, Yuan Yang, Menghao Zhang, Yu Zhou, Jianping Wu.
Exploring Dynamic Rule Caching Under Dependency Constraints for Programmable Switches: Theory, Algorithm, and Implementation. PDF
IEEE Transactions on Network and Service Management (TNSM), 2024.
NDSS'24 Yuqi Qing, Qilei Yin, Xinhao Deng, Yihao Chen, Zhuotao Liu, Kun Sun, Ke Xu, Jia Zhang, Qi Li.
Low-Quality Training Data Only? A Robust Framework for Detecting Encrypted Malicious Network Traffic. PDF · Code
NDSS, 2024.

Before 2024
S&P'23 Xinhao Deng, Qilei Yin, Zhuotao Liu, Xiyuan Zhao, Qi Li, Mingwei Xu, Ke Xu, Jianping Wu.
Robust Multi-tab Website Fingerprinting Attacks in the Wild. PDF · Code · Dataset
IEEE S&P, 2023.
SecureComm'23 Guoqiang Zhang, Jiahao Cao, Mingwei Xu, Xinhao Deng.
Unsupervised and Adaptive Tor Website Fingerprinting. PDF
EAI SecureComm, 2023.
TIFS'22 Qi Li, Xinhao Deng, Zhuotao Liu, Yuan Yang, Xiaoyue Zou, Mingwei Xu, Jianping Wu.
Dynamic Network Function Enforcement via Joint Flow and Function Scheduling. PDF
IEEE Transactions on Information Forensics and Security (TIFS), 2022.
C&S'22 Jie Sun, Lingchen Zhao, Zhuotao Liu, Qi Li, Xinhao Deng, Qian Wang, Yong Jiang.
Practical Differentially Private Online Advertising. PDF
Computers & Security, 2022.
TNSM'19 Shu Yang, Laizhong Cui, Xinhao Deng, Qi Li, Yulei Wu, Mingwei Xu, Jianping Wu.
FISE: A Forwarding Table Structure for Enterprise Networks. PDF
IEEE Transactions on Network and Service Management (TNSM), 2019.

Honors & Awards

  • 2025 Outstanding Doctoral Dissertation of Tsinghua University (清华大学优秀博士学位论文)
  • 2024 Science and Technology Award (1st Class), Chinese Institute of Electronics (中国电子学会科技进步一等奖)
  • 2024 Student Travel Grant, ACM CCS 2024
  • 2024 1st-Class Scholarship, Tsinghua University (清华大学一等奖学金)
  • 2023 Tsinghua–Longfor Scholarship (清华–龙湖奖学金)
  • 2022 1st-Class Scholarship, Tsinghua University (清华大学一等奖学金)
  • 2019 China National Scholarship (国家奖学金)

Academic Services

Conference Reviewer: WWW'25, SecureComm'23, ACSAC'22, ACSAC'20
Journal Reviewer: TIFS, TNSM
Artifact Evaluation: Security'25, CCS'24, ACSAC'22
External Reviewer: S&P'25, CCS'24, NDSS'24, Security'23, WWW'23