Publications

2023

KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations

USENIX Security 2023

Tingting Yin , Zicong Gao , Zhenghang Xiao , Zheyu Ma , Min Zheng , Chao Zhang .

macOS closed-source driver fuzzing

2022

PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs

ESEM 2022

Xin Liu , Yixiong Wu , Qingchen Yu , Shangru Song , Yue Liu , Qingguo Zhou , Jianwei Zhuge .

we design and implement PG-VulNet, a tool for detecting Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs.

StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing

USENIX Security 2022

Bodong Zhao , Zheming Li , Shisong Qin , Zheyu Ma , Ming Yuan , Wenyu Zhu , Zhihong Tian , Chao Zhang .

state-aware fuzzing

An Empirical Study on Implicit Constraints in Smart Contract Static Analysis

ICSE-SEIP 2022

Tingting Yin , Chao Zhang , Yuandong Ni , Yixiong Wu , Taiyu Wong , Xiapu Luo , Zheming Li , Yu Guo .

Smart contracts static vulnerability detection

2021

ROLoad: Securing Sensitive Operations with Pointee Integrity

DAC 2021

Wende Tan , Yuan Li , Chao Zhang , Xingman Chen , Songtao Yang , Ying Liu , Jianping Wu .

Protect sensitive operations with hardware support.

ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange

CCS 2021 , download

Yun Li , Cun Ye , Yuguang Hu , Ivring Morpheus , Yu Guo , Chao Zhang , Yupeng Zhang , Zhipeng Sun , Yiwen Lu , Haodi Wang .

An optimized fair-exchange protocol

Igor: Crash Deduplication Through Root-Cause Clustering

CCS 2021

Zhiyuan Jiang , Xiyue Jiang , Ahmad Hazimeh , Chaojing Tang , Chao Zhang , Mathias Payer .

deduplicate crash samples

VScape: Assessing and Escaping Virtual Call Protections

USENIX Security 2021

Kaixiang Chen , Chao Zhang , Tingting Yin , Xingman Chen , Lei Zhao .

Bypass virtual protections towards AEG.

Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems

USENIX Security 2021

Libo Chen , Yanhao Wang , Quanpu Cai , Yunfan Zhan , Hong Hu , Jiaqi Linghu , Qinsheng Hou , Chao Zhang , Haixin Duan , Zhi Xue .

Finding vulnerabilities in embedded systems

MAZE: Towards Automated Heap Feng Shui

USENIX Security 2021

Yan Wang , Chao Zhang , Zixuan Zhao , Bolun Zhang , Xiaorui Gong , Wei Zou .

Manipulate heap layouts automatically.

RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis

ISSTA 2021

Ming Yuan , Yeseop Lee , Chao Zhang , Yun Li , Yan Cai , Bodong Zhao .

diagnosing data race bugs

iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing

ISSTA 2021

Shisong Qin , Chao Zhang , Kaixiang Chen , Zheming Li .

discovering inconsistencies in ARM instruction processing

Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks

USENIX Security 2021

Kaiwen Shen , Chuhan Wang , Minglei Guo , Xiaofeng Zheng , Chaoyi Lu , Baojun Liu , Yuxuan Zhao , Shuang Hao , Haixin Duan , Qinfeng Pan , Min Yang .

This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.

Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency AttacksCaused by Software Bugs

INFOCOM 2021

Guorui Yu , Shibin Zhao , Chao Zhang , Zhiniang Peng , Yuandong Ni , Xinhui Han .

Exploit vulnerabilities in blockchains

Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities

ICDF2C 2020, LNICST 2021

Gengqian Zhou , Jianwei Zhuge .

Similarities and differences in anonymous online market between Chinese and English Speaking Communities

POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming

NDSS 2021

Min Zheng , Xiaolong Bai , Yajin Zhou , Chao Zhang , Fuping Qu .

Mitigate port-oriented programming attacks for macOS

From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age

ICISSP 2021

Yixiong Wu , Jianwei Zhuge , Tingting Yin , Tianyi Li , Junmin Zhu , Guannan Guo , Yue Liu , Jianju Hu .

we design and implement ICScope, a passive vulnerability assessment system based on device search engines.

Argot: Generating Adversarial Readable Chinese Texts

IJCAI 2021 , download

Zihan Zhang , Mingxuan Liu , Chao Zhang , Yiming Zhang , Zhou Li , Qi Li , Haixin Duan , Donghong Sun .

Generate adversarial Chinese texts with Glyph and Pinyin mutation.

2020

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

CCS 2020

Mingming Zhang , Xiaofeng Zheng , Kaiwen Shen , Ziqiao Kong , Chaoyi Lu , Yu Wang , Haixin Duan , Shuang Hao , Baojun Liu , Min Yang .

HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)

Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms

CCS 2020

Yuan Li , Mingzhe Wang , Chao Zhang , Xingman Chen , Songtao Yang , Ying Liu .

Measurement of CFI solutions’ security

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices

USENIX Security 2020

Xiaofeng Zheng , Chaoyi Lu , Jian Peng , Qiushi Yang , Dongjie Zhou , Baojun Liu , Keyu Man , Shuang Hao , Haixin Duan , Zhiyun Qian .

A cache poisoning attack targeting DNS forwarders.

GREYONE: Data Flow Sensitive Fuzzing

USENIX Security 2020 , download

Shuitao Gan , Chao Zhang , Peng Chen , Bodong Zhao , Xiaojun Qin , Dong Wu , Zuoning Chen .

Improve fuzzing efficiency with lightweight data flow analysis.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis

USENIX Security 2020 , download

Baozheng Liu , Chao Zhang , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge .

Fuzzing Android Binder services with automated interface analysis.

DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks

INFOCOM 2020 , download

Zhiyuan Lv , Youjian Zhao , Chao Zhang , Haibin Li .

AI-based Side Channel and Covert Channel Detection.

A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned

ICSE 2020 , download

Bingchang Liu , Guozhu Meng , Wei Zou , Qi Gong , Feng Li , Min Lin , Dandan Sun , Wei Huo , Chao Zhang .

Empirical Study on Vulnerability Distribution within Projects.

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

DSN 2020 , download

Weizhong Li , Kaiwen Shen , Run Guo , Baojun Liu , Jia Zhang , Haixin Duan , Shuang Hao , Xiarun Chen , Yao Wang .

Amplification Attacks Based on HTTP Range Requests

Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches

NDSS 2020 , download

Menghao Zhang , Guanyu Li , Shicheng Wang , Chang Liu , Ang Chen , Hongxin Hu , Guofei Gu , Qi Li , Mingwei XU , Jianping Wu .

Mitigating DDoS Attacks with P4

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

NDSS 2020 , download

Jiahao Cao , Renjie Xie , Kun Sun , Qi Li , Guofei Gu , Mingwei Xu .

Packet Hijacking in SDN

CDN Judo: Breaking the CDN DoS Protection with Itself

NDSS 2020 , download

Run Guo , Weizhong Li , Baojun Liu , Shuang Hao , Jia Zhang , Haixin Duan , Kaiwen Shen , Jianjun Chen , Ying Liu .

abuse CDN for DDoS attacks

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

Future Internet 2020 , download

Miao Yu , Jianwei Zhuge , Ming Cao , Zhiwei Shi , Lin Jiang .

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Selected as the journal issue cover Paper.

A Market in Dream: the Rapid Development of Anonymous Cybercrime

Mobile Networks and Applications 2020 , download

Gengqian Zhou , Jianwei Zhuge , Yunqian Fan , Kun Du .

Measurement of a darknet market - dream market.

2019

On the origin of Zhuge’s clan by the method of historical geography

National Zhuge Liang Academic Symposium 2019 , download

Jianwei Zhuge .

On the origin of Zhuge’s clan by the method of historical geography

Detecting Fake Accounts in Online Social Networks at the Time of Registrations

ACM CCS 2019 , download

Dong Yuan , Yuanli Miao , Neil Zhenqiang Gong , Zheng Yang , Qi Li , Dawn Song , Qian Wang , Xiao Liang .

Fake account detection for WeChat

Certificate Transparency in the Wild: Exploring the Reliability of Monitors

ACM CCS 2019 , download

Bingyu Li , Jingqiang Lin , Fengjun Li , Qiongxiao Wang , Qi Li , Jiwu Jing , Congli Wang .

Exploring the Reliability of CT Monitors

MOPT: Optimized Mutation Scheduling for Fuzzers

USENIX Security 2019 , download

Chenyang Lyu , Shouling Ji , Chao Zhang , Yuwei Li , Wei-Han Lee , Yu Song , Raheem Beyah .

A fuzzing mutation scheduling strategy based on PSO.

The CrossPath Attack: Disrupting the SDN Control Channel via Shared Link

USENIX Security 2019 , download

Jiahao Cao , Qi Li , Renjie Xie , Kun Sun , Guofei Guo , Mingwei Xu , Yuan Yang .

Shared channels in SDN: attacks and defenses

2018

Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)

ACM CCS 2018 , download

Yan Wang , Chao Zhang , Xiaobo Xiang , Zixuan Zhao , Wenjie Li , Xiaorui Gong , Bingchang Liu , Kaixiang Chen , Wei Zou .

Generate exploits for POCs that do not crash.

αDiff: Cross-Version Binary Code Similarity Detection with DNN

ASE 2018 , download

Bingchang Liu , Wei Huo , Chao Zhang , Wenchao Li , Feng Li , Aihua Piao , Wei Zou .

Detect binary code similarity with DNN.

CollAFL: Path Sensitive Fuzzing

IEEE Security & Privacy 2018 , download

Shuitao Gan , Chao Zhang , Xiaojun Qin , Xuwen Tu , Kang Li , Zhongyu Pei , Zuoning Chen .

Improve fuzzing efficiency with high accuracy control flow information.

2017

Towards Efficient Heap Overflow Discovery

USENIX Security 2017 , download

Xiangkun Jia , Chao Zhang , Purui Su , Yi Yang , Huafeng Huang , Dengguo Feng .

Detect heap overflow vulnerabilities thoroughly with symbolic execution.

2016

VTrust: Regaining Trust on Virtual Calls

NDSS 2016

Chao Zhang , Scott A. Carr , Tongxin Li , Yu Ding , Chengyu Song , Mathias Payer , Dawn Song .

protecting virtual function calls for programs with source code

2015

JITScope: Protecting Web Users from Control-Flow Hijacking Attacks

oakland 2015

Chao Zhang , Mehrdad Niknami , Kevin Zhijie Chen , Chengyu Song , Zhaofeng Chen , Dawn Song .

a control flow integrity (CFI) solution for JIT code

VTint: Protecting Virtual Function Tables’ Integrity

NDSS 2015

Chao Zhang , Chengyu Song , Kevin Zhijie Chen , Zhaofeng Chen , Dawn Song .

protecting virtual function calls for binaries

Exploiting and Protecting Dynamic Code Generation

NDSS 2015

Chengyu Song , Chao Zhang , Tielei Wang , Wenke Lee , David Melski .

a control flow integrity (CFI) solution for JIT code

2013

Practical Control Flow Integrity & Randomization for Binary Executables

IEEE Security & Privacy 2013

Chao Zhang , Tao Wei , Zhaofeng Chen , Lei Duan , La ́szlo ́ Szekeres , Stephen McCamant , Dawn Song , Wei Zou .

a control flow integrity (CFI) solution for binaries

2012

A Framework to Eliminate Backdoors from Response-Computable Authentication

IEEE Security & Privacy 2012

Shuaifu Dai , Tao Wei , Chao Zhang , Tielei Wang , Yu Ding , Zhenkai Liang , Wei Zou .

a framework to mitigate backdoor threats

NISL@THU

Publications

2023

2022

2021

2020

2019

2018

2017

2016

2015

2013

2012