About

Gang Wang is an Associate Professor in the Department of Computer Science at the University of Illinois at Urbana-Champaign, with affiliate appointments in the Department of Electrical and Computer Engineering and the Informatics Program of the School of Information Sciences. He received his Ph.D. from UC Santa Barbara in 2016, under the guidance of Ben Y. Zhao and Heather Zheng, and earned a B.E. from Tsinghua University in 2010. Prior to joining Illinois in 2019, he worked as an Assistant Professor at Virginia Tech from 2016 to 2019. His research interests encompass Security and Privacy, Internet Measurement, and Data Mining. His work employs data-driven approaches to address emerging security threats across various communication systems, including social media, email services, crowdsourcing platforms, mobile applications, and enterprise networks. Key contributions include developing measurement methodologies that have uncovered overlooked security threats such as crowdturfing activities, security certification failures, email spoofing vulnerabilities, and deep link usage in mobile ecosystems. He has also advanced the application of machine learning techniques in security contexts, focusing on bot detection and malware classification to handle adversarial behaviors and concept drift. Currently, his research centers on creating robust, scalable, and user-friendly security solutions through machine learning and graph models, with a focus on human-machine collaboration to improve the efficacy of defenses against adaptive attackers. Wang collaborates with industry partners and researchers from related fields such as HCI and AI to tackle these challenges.

Research topics

• Computer Science
• Computer Security
• Artificial Intelligence
• Data Mining
• Machine Learning
• Data science
• Telecommunications
• Human–computer interaction
• Physics

Selected publications

• DFLADMM-M: Decentralized Federated Learning via Momentum-Accelerated ADMM

  2026-01-23

  article

  Decentralized Federated Learning (DFL) has emerged as a viable alternative to traditional federated learning by eliminating the central server and enabling peer-to-peer collaboration. Despite its benefits in scalability and communication efficiency, it suffers from model inconsistency across clients and local overfitting due to data heterogeneity. To address these challenges, we propose DFLADMM-m, a DFL algorithm that integrates the Alternating Direction Method of Multipliers (ADMM) with momentum method. The ADMM enforces consensus among local models, while stochastic gradient descent (SGD) with momentum accelerates updates and alleviates oscillations. Extensive experiments on standard benchmarks such as MNIST and CIFAR-10 demonstrate that DFLADMM-m achieves superior performance compared to state-of-the-art DFL algorithms, offering improved accuracy under heterogeneous data settings and various communication topologies.

  PublisherDOI

• Anonymous Authentication Scheme Based on Non-Interactive Zero-Knowledge Proof

  2025-05-16

  article

  With the rapid advancement of the digital age, the Internet has become an integral part of daily life. While users benefit from the convenience of online services, they are increasingly confronted with a critical conflict between identity privacy and security. Under traditional authentication mechanisms, malicious actors often exploit the login channel immediately after user registration, leading to the leakage of personal data. To address this issue, this paper proposes an anonymous identity authentication scheme based on non-interactive zero-knowledge proof. By employing ring signatures in combination with non-interactive zero-knowledge proofs, the proposed method ensures both the legitimacy of user identities and the security of the authentication process. Furthermore, the use of national cryptographic algorithms enhances the scheme's resilience against external attacks. Finally, we conduct comparative experiments to evaluate the proposed scheme. The results demonstrate that it provides anonymity, zero-knowledge soundness, resistance to quantum attacks, replay attacks, and double-spending. Additionally, the scheme achieves higher efficiency in signature generation and verification compared to an RSA+SHA-based ring signature authentication approach.

  PublisherDOI

• Fine-grained data cross-domain access control policy based on ciphertext policy attribute encryption

  International Journal of Information and Communication Technology · 2025-01-01

  articleOpen access

  As the big data technique rapidly develops, the demand for inter-agency cross-domain data sharing is growing, but there is a risk of unauthorised access in cross-domain data sharing. To this end, this paper first improves the ciphertext policy attribute-based encryption (MCACP-ABE), which achieves fine-grained protection of cross-domain data by authorising cross-domain third parties and attribute authority centres, and introduces the accountability tracking module. On this basis, fine-grained data cross-domain access control (AC) policies are designed. The policy designs a cross-domain AC structure based on MCACP-ABE, which realises fine-grained data access protection through a cross-domain negotiation component, a rule mapping component, and a cross-domain encryption component. The security analysis and simulation outcome imply that the offered policy not only satisfies indistinguishable security under chosen ciphertext attack (IND-CCA) but also has high cross-domain communication efficiency, which improves the security and usability of data cross-domain access.

  PublisherOA PDFDOI

• It's Trying Too Hard To Look Real: Deepfake Moderation Mistakes and Identity-Based Bias

  2024-05-11 · 10 citations

  articleOpen accessSenior author

  Online platforms employ manual human moderation to distinguish human-created social media profiles from deepfake-generated ones. Biased misclassification of real profiles as artificial can harm general users as well as specific identity groups; however, no work has yet systematically investigated such mistakes and biases. We conducted a user study (n=695) that investigates how 1) the identity of the profile, 2) whether the moderator shares that identity, and 3) components of a profile shown affect the perceived artificiality of the profile. We find statistically significant biases in people’s moderation of LinkedIn profiles based on all three factors. Further, upon examining how moderators make decisions, we find they rely on mental models of AI and attackers, as well as typicality expectations (how they think the world works). The latter includes reliance on race/gender stereotypes. Based on our findings, we synthesize recommendations for the design of moderation interfaces, moderation teams, and security training.

  PublisherOA PDFDOI

• An Intelligent Arrangement Method for New Distribution Network Data Sharing Service

  Smart innovation, systems and technologies · 2024-01-01

  book-chapter
  PublisherDOI

• VeriSMS: A Message Verification System for Inclusive Patient Outreach against Phishing Attacks

  2024-05-11 · 2 citations

  articleOpen accessSenior author

  Patient outreach enables timely communication between patients and healthcare providers but is vulnerable to phishing/spoofing attacks. In this paper, we work with a U.S.-based healthcare provider to design an inclusive method to address this threat. We present VeriSMS which allows patients to call a voice agent to verify whether the received (sensitive) messages are indeed sent by their healthcare provider. We design the system to be inclusive: it is accessible to patients who only have access to SMS and phone call capabilities. We perform a two-part user study to refine the system design (N=15) and confirm users can correctly understand the system and use it to identify spoofed/phishing messages (N=35). A key insight from our study is to not exclusively optimize for strong security but to tailor the designs based on user habits. Our result confirms the effectiveness and usability of VeriSMS and its ability to significantly increase adversaries’ costs.

  PublisherOA PDFDOI

• Practical Region-level Attack against Segment Anything Models

  2024-06-17 · 4 citations

  articleSenior author

  Segment Anything Models (SAM) have made significant advancements in image segmentation, allowing users to segment target portions of an image with a single click (i.e., user prompt). Given its broad applications, the robustness of SAM against adversarial attacks is a critical concern. While recent works have explored adversarial attacks against a pre-defined prompt/click, their threat model is not yet realistic: (1) they often assume the user-click position is known to the attacker (point-based attack), and (2) they often operate under a white-box setting with limited transferability. In this paper, we propose a more practical region-level attack where attackers do not need to know the precise user prompt. The attack remains effective as the user clicks on any point on the target object in the image, hiding the object from SAM. Also, by adapting a spectrum transformation method, we make the attack more transferable under a black-box setting. Both control experiments and testing against real-world SAM services confirm its effectiveness.

  PublisherDOI

• "Are Adversarial Phishing Webpages a Threat in Reality?" Understanding the Users' Perception of Adversarial Webpages

  2024-05-08 · 9 citations

  articleOpen accessSenior author

  Machine learning based phishing website detectors (ML-PWD) are a critical part of today's anti-phishing solutions in operation. Unfortunately, ML-PWD are prone to adversarial evasions, evidenced by both academic studies and analyses of real-world adversarial phishing webpages. However, existing works mostly focused on assessing adversarial phishing webpages against ML-PWD, while neglecting a crucial aspect: investigating whether they can deceive the actual target of phishing---the end users. In this paper, we fill this gap by conducting two user studies (n=470) to examine how human users perceive adversarial phishing webpages, spanning both synthetically crafted ones (which we create by evading a state-of-the-art ML-PWD) as well as real adversarial webpages (taken from the wild Web) that bypassed a production-grade ML-PWD. Our findings confirm that adversarial phishing is a threat to both users and ML-PWD, since most adversarial phishing webpages have comparable effectiveness on users w.r.t. unperturbed ones. However, not all adversarial perturbations are equally effective. For example, those with added typos are significantly more noticeable to users, who tend to overlook perturbations of higher visual magnitude (such as replacing the background). We also show that users' self-reported frequency of visiting a brand's website has a statistically negative correlation with their phishing detection accuracy, which is likely caused by overconfidence. We release our resources.

  PublisherOA PDFDOI

• Targeting mitochondrial metabolism to improve the tumor microenvironment: A bibliometric study and brief review (1994-2024)

  Research Square · 2024-09-26

  preprintOpen access
  PublisherOA PDFDOI

• Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers

  2023-05-01 · 25 citations

  articleSenior author

  Malware classifiers are subject to training-time exploitation due to the need to regularly retrain using samples collected from the wild. Recent work has demonstrated the feasibility of backdoor attacks against malware classifiers, and yet the stealthiness of such attacks is not well understood. In this paper, we focus on Android malware classifiers and investigate backdoor attacks under the clean-label setting (i.e., attackers do not have complete control over the training process or the labeling of poisoned data). Empirically, we show that existing backdoor attacks against malware classifiers are still detectable by recent defenses such as MNTD. To improve stealthiness, we propose a new attack, Jigsaw Puzzle (JP), based on the key observation that malware authors have little to no incentive to protect any other authors’ malware but their own. As such, Jigsaw Puzzle learns a trigger to complement the latent patterns of the malware author’s samples, and activates the backdoor only when the trigger and the latent pattern are pieced together in a sample. We further focus on realizable triggers in the problem space (e.g., software code) using bytecode gadgets broadly harvested from benign software. Our evaluation confirms that Jigsaw Puzzle is effective as a backdoor, remains stealthy against state-of-the-art defenses, and is a threat in realistic settings that depart from reasoning about feature-space-only attacks. We conclude by exploring promising approaches to improve backdoor defenses.

  PublisherDOI

Recent grants

• Collaborative Research: SaTC: CORE: Small: Towards Label Enrichment and Refinement to Harden Learning-based Security Defenses

  NSF · $250k · 2021–2025

• CAREER: Machine Learning Assisted Crowdsourcing for Phishing Defense

  NSF · $341k · 2018–2020

• CAREER: Machine Learning Assisted Crowdsourcing for Phishing Defense

  NSF · $420k · 2019–2024

Frequent coauthors

• Ben Y. Zhao

  18 shared

• Hai-Tao Zheng

  Jiangsu University

  15 shared

• Hang Hu

  Merck & Co., Inc., Rahway, NJ, USA (United States)

  13 shared

• Qingying Hao

  University of Padua

  11 shared

• Limin Yang

  University of Illinois Urbana-Champaign

  10 shared

• Mauro Conti

  9 shared

• Huiling Chen

  9 shared

• Giovanni Apruzzese

  9 shared

Education

• Ph.D., Computer Science

  University of Illinois at Urbana-Champaign

  2005

• M.S., Computer Science

  University of Illinois at Urbana-Champaign

  2001

• B.S., Computer Science

  University of Science and Technology of China

  1998

Awards & honors

• NSF CAREER Award (2018)
• Amazon Research Award (2021)
• Google Faculty Research Award (2017)
• Best Paper Awards from IMWUT 2019
• Best Paper Awards from ACM CCS 2018