Understanding reliability across global AIoT supply chains and their real-world impact.
I study how security breaks across the global AIoT supply chain, from white-label manufacturing
to cross-border marketplaces that distribute insecure, increasingly AI-enabled devices at scale.
My work focuses on safeguarding vulnerable user groups, including households and children, whose
devices often inherit systemic weaknesses from opaque upstream vendors. I combine Internet-wide
measurements, device and firmware reverse engineering, and machine learning to uncover structural
risks, and to examine how AI is reshaping both the threats to and the defenses available for
connected ecosystems.
Research Interests
AIoT
Machine Learning
Network Security
Supply Chain
Vulnerable Group Security
Enterprise Security
Education
Ph.D. IoT and Supply ChainHasso Plattner Institue 路 In Pursuit
M.Sc. NetworkingSan Jose State University 路 2020
B.Sc. Computer and Electrical EngineeringPurdue University 路 2018
Recent Publications
Hand-curated highlights; browse the full list on Google Scholar or via DOI links.
This paper analyzes how IoT vendors design, operate, and sustain OTA firmware-update pipelines across fragmented device supply chains. It connects technical constraints such as upstream SDK and chipset dependencies, firmware reuse, signing infrastructure, and hardware limitations with the economic forces that determine update frequency, support duration, and long-term device security.
Beyond the Device: A Security Analysis of White-Label Children鈥檚 Smartwatches and Their Ecosystem
AsiaCCS 2026 路 Vulnerable Group Security, IoT Security, Supply Chain
White-label children鈥檚 smartwatches are built in supply chains by thin margins and weak oversight, creating systemic security gaps for vulnerable children. This paper presents the first comprehensive analysis exposing new critical vulnerabilities across firmware, apps, cloud backends, and the supply chain itself.
Huancheng Hu, Christian Doerr
LotBoNC: Novel Botnet Traffic Classification under Long-tailed Distributions
In operational networks, botnet traffic is long-tailed, dominated by common classes, and constantly enriched by rare, unseen variants. To address this, we propose LotBoNC, a unified framework tailored for long-tailed, open-world encrypted traffic.
BoNC: Discovering and Classifying Novel Encrypted Botnet Traffic
Open Journal of Communication Societies (OJCOMS) 路 Network Security, IoT Security, Machine Learning
This paper presents BoNC, a unified framework that accurately detects and classifies both known and previously unseen encrypted botnet traffic in open-world environments.
Opening a Can of Worms: A Comprehensive View into the Android Debug Bridge Malware
TrustCom 2025 路 IoT Security
We present the first comprehensive study of ADB-targeting worms, analyzing over seven years of real-world data encompassing 1.7 million infected IPs and more than 6 billion compromise attempts.
@ARTICLE{hu:2025bonc,
author={Hu, Huancheng and Li, Ziyun and Doerr, Christian},
journal={IEEE Open Journal of the Communications Society},
title={BoNC: Discovering and Classifying Novel Encrypted Botnet Traffic},
year={2025},
volume={},
number={},
pages={1-1},
keywords={Botnet;Cryptography;Contrastive learning;Anomaly detection;Transformers;Traffic control;Feature extraction;Training;Protocols;Payloads;Botnet Detection;Novel Class Discovery;Network Security;Machine Learning},
doi={10.1109/OJCOMS.2025.3638985}
}
@INPROCEEDINGS{hu:2025adb,
author={Hu, Huancheng and Doerr, Christian},
booktitle={2025 IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)},
title={Opening a Can of Worms: A Comprehensive View into the Android Debug Bridge Malware},
year={2025},
doi={10.1109/Trustcom66490.2025.00023}
}
Cite this paper
You can paste this into your reference manager (e.g., BibTeX file or Zotero).