Yaqing Zhou
CMU M.S. (’26), focused on backend systems, data infrastructure, and security.
Email: yaqingz@andrew.cmu.edu
LinkedIn: yaqing-zhou-559456261
Selected Work
1. Fraud / Abuse Detection Service @ Tencent
- Built an end-to-end club-level fraud/abuse detection service for a ~4M-user gaming loyalty platform (~4M users).
- Designed data pipelines, graph-based features (shared founders, member reuse, IP/device overlap, name similarity), and an XGBoost model with semi-supervised label propagation.
- Achieved ~3× coverage (190 → 575 clubs) while maintaining <1% FPR and ~0.89/0.89 precision/recall on a held-out test set.
- Integrated explainability outputs to speed up manual triage and reduce incentive abuse costs.
2. Privacy-Preserving DNS Outsourcing (Research @ University of Michigan)
- Designed a DNS outsourcing protocol allowing external name servers to manage zone files without revealing internal network details.
- Implemented reference authoritative and recursive DNS servers in Python (dnspython) and evaluated latency, storage overhead, and leakage.
- Measured ~44% lower median CNAME latency vs an encrypted baseline; DNSSEC-related latency overhead <8% vs BIND-9.
3. BusTub Database Internals (CMU Database Systems)
- Implemented core database components in C++: disk-based storage, LRU-K buffer pool, and concurrent B+Tree index.
- Built a query execution engine (scans, joins, aggregation, external sort, basic optimization rules).
- Added snapshot-isolation MVCC with per-transaction undo logs, conflict detection, and GC; achieved Top-10/Top-20 performance in course benchmarks.
4. Security Projects & Labs
- Completed CTF-style labs in crypto and web security (e.g., SHA-256 length extension, padding-oracle, SQLi/XSS/CSRF) and practiced secure coding by documenting mitigations such as parameterized queries, output encoding/CSP, CSRF tokens, and secure cookie flags.
- Took graduate-level security courses at CMU (Security in Networked Systems, Intro to Information Security, Secure Coding), focusing on threat modeling, network/protocol attacks, and secure-by-design systems.
- Solved a wide range of CTF challenges (stack/heap overflows, format-string bugs, integer and pointer vulnerabilities, canary bypasses, and blockchain exploits such as insecure randomness and reentrancy).