Research Projects

I have worked in research projects that span across a diverse set of topics in computer and network security. Some projects that I recently focus on are highlighted as below. Please browse my vita and publications for information about other projects that I have been involved in.

Trusted and Privacy-Preserving Federated Learning

Federated learning enables hospitals to collaboratively learn a shared global model while ensuring patient privacy; however, there is a big statistical challenge for our application owing to EHR heterogeneities, i.e. difference in patient characteristics and clinical observations made or feature space. Thus, real-world EHR data from different hospitals are never independently and identically distributed (IID). The proposed research is to overcome this statistical challenge while improving security for federated learning. The project proposes new transfer learning solutions to combat the non-IID challenge in federated learning and new security building blocks tailored for homogeneous and heterogeneous transfer learning tasks. Together the project will develop a privacy-preserving federated transfer learning framework to provide a first practical solution for non-IID clinical data scenarios.

Support: PI, Privacy-Preserving Federated Transfer Learning for Early Acute Kidney Injury Risk Prediction, NSF IIS-#2014552, $579,941, 2020-2024.

Related publications:

Modeling and Protecting the Privacy of Cloud-Assisted IoT Systems

New security and privacy concerns, such as unauthorized access, modification, data leakage, data linkage and reidentification, arise when data is transferred among interconnected devices or to the cloud. This project will investigate the privacy threats in the cloud-assisted IoT systems, in which distributed IoT data are collected and analyzed for different types of IoT applications. The goal of the proposed research is to develop a privacy threat analysis framework to provide a systematic methodology for modeling privacy threats in the cloud-assisted IoT systems.

Support: PI, Cloud-Assisted IoT Systems Privacy, NSA Science of Security Initiative H98230-18-D-0009, 2018-2021.

Related publications:

  • Prashanthi Mallojula, Javaria Ahmad, Fengjun Li, and Bo Luo, "You Are (not) Who Your Peers Are: Identification of Potentially Excessive Permission Requests in Android Apps," in IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), 2021.
  • Lei Yang, Chris Seasholtz, Bo Luo, and Fengjun Li, "Hide Your Hackable Smart Home From Remote Attacks: An Extra Network-Level Safeguard," in European Symposium on Research in Computer Security (ESORICS), Barcelona, Spain, September 1-7, 2018
  • Lei Yang and Fengjun Li, “Cloud-Assisted Privacy-Preserving Classification for IoT Applications,” in IEEE Conference on Communications and Network Security (CNS), Beijing, China, June 1-5, 2018. (acceptance rate 28%)
  • Abdulmali Humayed, Jinqiang Lin, Fengjun Li, and Bo Luo, “Cyber-Physical Systems Security -- A Survey,” in IEEE Internet of Things Journal - Special Issue on Security and Privacy in Cyber-Physical Systems, PP(99):1-1, 2017.
  • Lei Yang, Humayed Abudulmalik, and Fengjun Li, "A Multi-Cloud based Privacy-Preserving Data Publishing Scheme for the Internet of Things," in Annual Computer Security Applications Conference (ACSAC), Los Angeles, CA, December 2016.

Detecting Misinformation on Social Media

Customers' reviews would greatly affect others’ purchase decision making. It becomes an increasing incentive for review spammers to manipulate the reviews. Thus, the detection of review spams and a trustworthy measure of the credability of the review are critical to online review sites and the online retailers. In this research thrust, we aim to create a robust spam measurement and detection model that incorporates both content and structure features.

Support: PI, Establishing Social-Computational Collaboration towards Credible Social Media, University of Kansas Research Investment Council Strategic Initiative Grant INS0073037, $206,305, 2014-2018.

Related publications:

  • Hao Xue and Fengjun Li, "Online Review Spam Detection through Content-Aware Trust Propagation," in the 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec), Philadelphia, PA, July 2017.
  • Hyunjin Seo, James Sterbenz, Fengjun Li and Shiva Velma, "Multilevel Analysis of Networked Movements in Digital Age," in International Communication Association Conference, 2017.
  • Pegah Nokhiz and Fengjun Li, "Understanding Rating Behavior based on Moral Foundations: The case of Yelp Reviews," in IEEE BigData Workshop on Big Data Technology and Ethics Considerations in Customer Behavior and Customer Feedback Mining, Boston, MA, 2017.
  • Hyunjin Seo, Fengjun Li, Roseann Pluretti, Hao Xue, and Shiva Velma, "Perceptions of Online Reviews: Motivation, Sidedness, and Reviewer Information," in Journalism and Mass Communication Annual Conference, Minneapolis, MN, August 2016.
  • Hao Xue, Fengjun Li, Hyunjin Seo, and Roseann Pluretti, "Trust-Aware Review Spam Detection," in the 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Symposium on Recent Advances of Trust, Security and Privacy in Computing and Communications, Helsinki, Finland, Aug 2015.
  • Hyunjin Seo, Fengjun Li, Jeongsub Lim, Roseann Pluretti, Hao Xue, and Sreenivas Kumar Vekapu, "User ratings of yelp reviews: A big data analysis approach," in Association for Education in Journalism and Mass Communication Annual Conference, San Francisco, CA, August 2015.
  • Hyunjin Seo, Fengjun Li, Roseann Pluretti, Hao Xue, and Sreenivas Kumar Vekapu, "Perceived usefulness of online reviews: Effects of review characteristics and reviewer attributes," in Proceedings of the 65th International Communication Association Annual Conference, San Juan, Puerto Rico, May 2015.
  • Yingying Ma and Fengjun Li, "Detecting Review Spam: Challenges and Opportunities," in the Collaborative Communities for Social Computing (CCSocialComp) Workshop, Pittsburgh, PA, October 2012. (invited)

Security and Privacy of Social Network Applications

Security and privacy is becomg an increasing concern in applications related to online social networks. In these "uncontrolled" environments, individuals create, share and propagate information voluntarily. The objective of the privacy studies in OSN is to find answers to essential questions as “how identifiable an individual is from scattered information pieces over social media” and “how to protect the privacy of personal information from being unknowingly revealed”.

Support: PI, Data Collection and Risk Evaluation Learning in Identifying High Risk Ebola Subpopulations for the Intervention and Prevention of Large-scale Ebola Virus Spreading, NSF IIS-#1513324, $188,730, 2014-2016.

Related publications:

Related publications:

  • Qiaozhi Wang, Hao Xue, Fengjun Li, Dongwon Lee, and Bo Luo, "#DontTweetThis: Scoring Private Information in Social Networks," in the 19th Privacy Enhancing Technologies Symposium (PETS), vol 4, Stockholm, Sweden, July 15-16, 2019. (Acceptance rate: 16/91)
  • Anirudh Narasimman, Qiaozhi Wang, Fengjun Li, Dongwon Lee and Bo Luo, "Arcana: Enabling Private Posts on Public Microblog Platforms," in the 34rd International Information Security and Privacy Conference (IFIP SEC), Lisbon, Portugal, June 25-27, 2019.
  • Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo and Peng Liu, "Stalking Online: on User Privacy in Social Networks," in ACM Conference on Data and Application Security and Privacy (CODASPY), 2012. (acceptance rate: 18.6%)
  • Fengjun Li, Xukai Zhou, Peng Liu, and JakeY. Chen, "New Threats to Health Data Privacy," in BMC Bioinformatics, 12(Suppl 12):S7, 2011.
  • Fengjun Li, Jake Y. Chen, Xukai Zou, and Peng Liu, "New Privacy Threats in Healthcare Informatics: When Medical Records Join the Web," in Proceedings of the 9th International Workshop on Data Mining in Bioinformatics (BIOKDD), Washington D.C., July 2010. (short paper)

Smart Grid Security

In this project, we developed one of the first solutions to address both security and privacy concerns in the collection of fine-grained real-time smart metering data in smart grid neighborhood area networks (NANs) using hommomorphic encryption algorithms. After that, we developed a set of algorithms for efficient privacy-preserving in-network data operations, integrity verification, and detection of false data injection.

Support: PI, Trustworthy and Privacy-Preserving Data Collection and Management in Smart Grid, NSF Kansas EPSCoR #0073319, $120,741, 2014-2015.

Related publications:

Robust and Multipath Anonymous Routing

Anonymous rotuing enables people to hide their identity in communication over the Internet. Most of the existing anonymous routing protocols rely on a relative small set of pre-selected relay servers to redirect the messages. The pre-selection approaches provide good anonymity, but suffer from node failures and scalability problem. In this project, we develope a node-failure-resilient anonymous, CAT (Communtative Anonymous Tunnel), to allow the initiator to explore an anonymous tunnel consisting of several valid anonymous paths via a probing process, and hop among them when the active path encounters a node failure.

Related publications:

  • Lei Yang and Fengjun Li, "Enhancing Traffic Analysis Resistance for Tor Hidden Services with Multipath Routing," in the 11th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Dallas, USA, October, 2015. (Best Paper Award Winner)
  • Lei Yang and Fengjun Li, "mTor: A Multipath Tor Routing beyond Bandwidth Throttling," in IEEE Conference on Communications and Network Security (CNS), Florence, Italy, September 2015.
  • Lei Yang and Fengjun Li, "Enhancing Traffic Analysis Resistance for Tor Hidden Services with Multipath Routing," In IEEE Conference on Communications and Network Security (CNS), Florence, Italy, September 2015. (Poster)
  • Fengjun Li, Bo Luo, Peng Liu, and Chao-Hsien Chu, "A Node-failure-resilient Anonymous Communication Protocol through Commutative Path Hopping," in Proceedings of the 29th IEEE Conference on Computer Communications (INFOCOM), San Diego, CA, March 2010. (acceptance rate: 17%)

Privacy-preserving Information Sharing

I have been working on privacy-enhancing federated information sharing and proposed a secure multi-organizational information sharing framework to support distributed privacy-preserving data access in business intelligence systems and health information exchange systems. This research aims to support privacy-enhancing federated information sharing across multiple organizations with various information sharing needs and requirements upon different levels of trust. We have proposed a secure multi-organizational information sharing framework to support distributed privacy-preserving data access in business intelligence systems and health information exchange systems. This Privacy-Preserving Information Brokering (PPIB) framework combines XML access control enforcement mechanism with content-based inquiry routing across databases belonging to multiple alliance organizations, and seamlessly integrates both functionalities into a set of nondeterministic finite automata (known as information brokers).

Related publications: