Xiangmin Shen
Northwestern Lab for Internet and Security Technology (LIST)

3410 Mudd Hall
2233 Tech Dr, 3rd Floor
Evanston, IL 60208
I’m a final year PhD candidate working with Prof. Yan Chen at Northwestern University Computer Science Department. I am broadly interested in system security and security measurement. My current research focuses on enhancing system security by applying AI techniques in defense and offense.
I’m excited to share that I will be joining the Department of Computer Science at Hofstra University as a tenure-track Assistant Professor starting Fall 2025. I look forward to continuing my research at the intersection of AI and system security, mentoring students, and contributing to the growth of Hofstra’s cybersecurity programs!
news
Mar 19, 2025 | Our paper “PentestAgent: Incorporating LLM Agents to Automated Penetration Testing” is accepted by AsiaCCS’25. ![]() ![]() |
---|---|
Feb 16, 2025 | We are pleased to announce the release of PentestAgent, an LLM-driven automated penetration testing framework. ![]() ![]() ![]() ![]() |
Feb 04, 2025 | Our poster “LLM-Driven Automated Exploit Assessment for Penetration Testing” is accepted to appear in NDSS’25. ![]() ![]() |
Aug 30, 2024 | Our paper “Incorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion Detection” is accepted by NDSS’25. ![]() ![]() |
Dec 19, 2023 | Our paper “Decoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World Environments” is accepted by AsiaCCS’24. ![]() ![]() |
selected publications
- AsiaCCSPentestAgent: Incorporating LLM Agents to Automated Penetration TestingProceedings of the 20th ACM Asia Conference on Computer and Communications Security (AsiaCCS). Code release can be found here , 2025
- NDSSIncorporating Gradients to Rules: Towards Lightweight, Adaptive Provenance-based Intrusion DetectionProceedings of the 32nd Annual Network and Distributed System Security Symposium (NDSS). Code release can be found here , 2025
- AsiaCCSDecoding the MITRE Engenuity ATT&CK Enterprise Evaluation: An Analysis of EDR Performance in Real-World EnvironmentsProceedings of the 19th ACM Asia Conference on Computer and Communications Security (AsiaCCS). Data release can be found here , 2024