I am an Assistant Professor of Computer Science in the Systems and Security Center at School of Information Science and Technology (SIST), ShanghaiTech University. My research lies at the intersection of computer security and machine learning. I aim to build robust, data-driven ML solutions for real-world security applications, with a focus on evaluating and safeguarding deployed systems. My recent work studies the security of online platforms, including real-world image retrieval systems, phishing websites and emails, and other cybercrime-related applications. I also work on adversarial machine learning, graph-based learning, and the application of large language models to security. My work has been published at top venues such as USENIX Security, CCS, IEEE S&P, WWW, and SOUPS.

I received my Ph.D. in Computer Science from the University of Illinois at Urbana–Champaign in 2025, where I was advised by Dr. Gang Wang. Prior to that, I earned my M.S. degree from Johns Hopkins University in 2017 and my B.S. degree from the University of Washington, Seattle in 2015.

Selected Publications (Full List)

  • Revelio: Blurred Images Can Still Disclose Your Identity
    Haoyu Zhai, Shuo Wang, Pirouz Naghavi, Qingying Hao, and Gang Wang
    The 47th IEEE Symposium on Security and Privacy (IEEE SP), San Francisco, CA, May 2026.
    PDF
  • Can You Walk Me Through It? Explainable SMS Phishing Detection using LLM-based Agents
    Yizhu Wang, Haoyu Zhai, Chenkai Wang, Qingying Hao, Nick A. Cohen, Roopa Foulger, Jonathan A. Handler, and Gang Wang
    The 21st Symposium on Usable Privacy and Security (SOUPS), Seattle, WA, August 2025.
    PDF
  • It Doesn't Look Like Anything to Me: Using Diffusion Model to Subvert Visual Phishing Detectors
    Qingying Hao, Nirav Diwan, Ying Yuan, Giovanni Apruzzese, Mauro Conti, and Gang Wang
    The 33rd USENIX Security Symposium (USENIX Security), Philadelphia, PA, August 2024.
    PDF · Supplementary · Slides · Code
  • Are Adversarial Phishing Webpages a Threat in Reality? Understanding the Users’ Perception of Adversarial Webpages
    Ying Yuan, Qingying Hao, Giovanni Apruzzese, Mauro Conti, and Gang Wang
    The ACM Web Conference (WWW), Singapore, May 2024.
    PDF
  • How to Cover up Anomalous Accesses to Electronic Health Records
    Xiaojun Xu, Qingying Hao, Zhuolin Yang, Bo Li, David Liebovitz, Gang Wang, and Carl Gunter
    The 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, August 2023.
    PDF
  • It's Not What It Looks Like: Manipulating Perceptual Hashing Based Applications
    Qingying Hao, Licheng Luo, Steve T.K. Jan, and Gang Wang
    The ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 2021.
    PDF · Video · Slides
  • CADE: Detecting and Explaining Concept Drift Samples for Security Applications
    Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, and Gang Wang
    The 30th USENIX Security Symposium (USENIX Security), Vancouver, BC, Canada, August 2021.
    PDF · Supplementary · Code · Artifact Evaluated
  • Throwing Darts in the Dark? Detecting Bots with Limited Data Using Neural Data Augmentation
    Steve T.K. Jan, Qingying Hao, Tianrui Hu, Jiameng Pu, Sonal Oswal, Gang Wang, and Bimal Viswanath
    The 41st IEEE Symposium on Security and Privacy (IEEE SP), San Francisco, CA, May 2020.
    PDF