Zakir Durumeric

Assistant Professor

Stanford Computer Science

zakir@cs.stanford.edu

CoDa W346 | (650) 724-6279

publications | cv | scholar

I'm an Assistant Professor of Computer Science at Stanford University where my research focuses on Internet security, trust, and safety. I am interested in how to protect people against attacks on the Internet ranging from cybercrime and harassment to censorship and disinformation. I am broadly an empiricist: I build systems to measure complex networked ecosystems at scale, which I use to understand real-world behavior, uncover weaknesses and attacks, architect more resilient defenses, and guide public policy. I also founded and am Chief Scientist of Censys.

Advising and Teaching

I lead the Stanford Empirical Security Research Group where I advise: Catherine Han, Kimberly Ruth, Agur Adams (co-advised with Phil Levis), Rumaisa Habib, Thea Rossman, Paul Flammarion, Veronica Rivera, and Zimo Chai. Alumni include: Liz Izhikevich, Gerry Wan, Hans Hanley, Deepak Kumar, Gautam Akiwate, Aurore Fass, Dolière Francis Somé, Fengchen Gong, George Hosono, Manda Tran, and Jack Cable.

I teach CS155 Computer and Network Security (2019–2025), CS356 Topics in Systems and Network Security (2018–2024), and CS249i The Modern Internet (2021–2025).

Open Source Software and Data

My work emphasizes creating open source tools and datasets for understanding and protecting the Internet. My team built and maintains the ZMap Toolkit (e.g., ZMap, ZGrab, ZDNS, ZLint, and LZR) and Retina, which are used across the security industry. I architected the Censys measurement platform, which provides researchers with free global data on Internet devices and services. In addition, I maintain ASdb and the downloadable CrUX Top Million Websites.

Select Publications

Characterizing the MrDeepFakes Sexual Deepfake Marketplace
  • Catherine Han, Anne Li, Deepak Kumar, and Zakir Durumeric
  • USENIX Security Symposium, August 2025
Tracking the Takes and Trajectories of English-Language News Stories across Trustworthy and Worrisome Websites
  • Hans Hanley, Emily Okabe, and Zakir Durumeric
  • USENIX Security Symposium, August 2025
Democratizing LEO Satellite Network Measurement
  • Liz Izhikevich, Manda Tran, Katherine Izhikevich, Gautam Akiwate, and Zakir Durumeric
  • ACM SIGMETRICS/IFIP PERFORMANCE, June 2024
Hate Raids on Twitch: Echoes of the Past, New Modalities, and Implications for Platform Governance
  • Catherine Han, Joseph Seering, Deepak Kumar, Jeff Hancock, and Zakir Durumeric
  • ACM Computer-Supported Cooperative Work And Social Computing (CSCW), October 2023
  • Best Paper Award
A World Wide View of Browsing the World Wide Web
  • Kimberly Ruth, Aurore Fass, Jonathan Azose, Mark Pearson, Emma Thomas, Caitlin Sadowski, and Zakir Durumeric
  • ACM Internet Measurement Conference (IMC), October 2022
Retina: Analyzing 100 GbE Traffic on Commodity Hardware
  • Gerry Wan, Fengchen Gong, Tom Barbette, and Zakir Durumeric
  • ACM Special Interest Group on Data Communication (SIGCOMM), August 2022
LZR: Identifying Unexpected Internet Services
  • Liz Izhikevich, Renata Teixeira, and Zakir Durumeric
  • USENIX Security Symposium, August 2021
SoK: Hate, Harassment, and the Changing Landscape of Online Abuse
  • Kurt Thomas, Devdatta Akhawe, Michael Bailey, Elie Bursztein, Dan Boneh, Sunny Consolvo, Nicki Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, and Gianluca Stringhini
  • IEEE Symposium on Security and Privacy ("Oakland"), May 2021
Let's Encrypt: An Automated Certificate Authority to Encrypt the Entire Web
  • Josh Aas, Richard Barnes, Benton Case, Zakir Durumeric, Peter Eckersley, Alan Flores-Lopez,
  • J. Alex Halderman, Jacob Hoffman-Andrews, James Kasten, Eric Rescorla, Seth Schoen, Brad Warren
  • ACM Conference on Computer and Communications Security (CCS), November 2019
ZLint: Tracking Certificate Misissuance in the Wild
  • Deepak Kumar, Zhengping Wang, Matthew Hyder, Joseph Dickinson, Gabrielle Beck, David Adrian, Joshua Mason, Zakir Durumeric, J. Alex Halderman, and Michael Bailey
  • IEEE Symposium on Security and Privacy ("Oakland"), May 2018
Understanding the Mirai Botnet
  • Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran
  • Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever,
  • Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou
  • USENIX Security Symposium, August 2017
Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery Security
  • Zakir Durumeric, David Adrian, Ariana Mirian, James Kasten, Kurt Thomas, Vijay Eranti,
  • Nicholas Lidzborski, Elie Bursztein, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), October 2015
  • IRTF Applied Networking Research Prize
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green,
  • J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta,
  • Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, and Paul Zimmermann
  • ACM Computer and Communications Security (CCS), October 2015
  • Best Paper Award
The Matter of Heartbleed
  • Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer,
  • Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman
  • ACM Internet Measurement Conference (IMC), November 2014
  • Best Paper Award
ZMap: Fast Internet-Wide Scanning and its Security Applications
  • Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium, August 2013
Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices
  • Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman
  • USENIX Security Symposium, August 2012
  • Best Paper Award; Test of Time Award (2022)