A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
Empirical Study on Vulnerability Distribution within Projects.
Publications
GREYONE: Data Flow Sensitive Fuzzing
Improve fuzzing efficiency with lightweight data flow analysis.
FANS: Fuzzing Android Native System Services via Automated Interface Analysis
Fuzzing Android Binder services with automated interface analysis.
DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
AI-based Side Channel and Covert Channel Detection.
CDN Judo: Breaking the CDN DoS Protection with Itself
abuse CDN for DDoS attacks
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Selected as the journal issue cover Paper.
A Market in Dream: the Rapid Development of Anonymous Cybercrime
Measurement of a darknet market - dream market.
MOPT: Optimized Mutation Scheduling for Fuzzers
A fuzzing mutation scheduling strategy based on PSO.
Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Generate exploits for POCs that do not crash.
αDiff: Cross-Version Binary Code Similarity Detection with DNN
Detect binary code similarity with DNN.
CollAFL: Path Sensitive Fuzzing
Improve fuzzing efficiency with high accuracy control flow information.
Towards Efficient Heap Overflow Discovery
Detect heap overflow vulnerabilities thoroughly with symbolic execution.