Publications

Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks

CCS 2020

Mingming Zhang , Xiaofeng Zheng , Kaiwen Shen , Ziqiao Kong , Chaoyi Lu , Yu Wang , Haixin Duan , Shuang Hao , Baojun Liu , Min Yang .

HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)

Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices

USENIX Security 2020

Xiaofeng Zheng , Chaoyi Lu , Jian Peng , Qiushi Yang , Dongjie Zhou , Baojun Liu , Keyu Man , Shuang Hao , Haixin Duan , Zhiyun Qian .

A cache poisoning attack targeting DNS forwarders.

GREYONE: Data Flow Sensitive Fuzzing

USENIX Security 2020 , download

Shuitao Gan , Chao Zhang , Peng Chen , Bodong Zhao , Xiaojun Qin , Dong Wu , Zuoning Chen .

Improve fuzzing efficiency with lightweight data flow analysis.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis

USENIX Security 2020 , download

Baozheng Liu , Chao Zhang , Guang Gong , Yishun Zeng , Haifeng Ruan , Jianwei Zhuge .

Fuzzing Android Binder services with automated interface analysis.

DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks

INFOCOM 2020 , download

Zhiyuan Lv , Youjian Zhao , Chao Zhang , Haibin Li .

AI-based Side Channel and Covert Channel Detection.

Argot: Generating Adversarial Readable Chinese Texts

IJCAI 2020 , download

Zihan Zhang , Mingxuan Liu , Chao Zhang , Yiming Zhang , Zhou Li , Qi Li , Haixin Duan , Donghong Sun .

Generate adversarial Chinese texts with Glyph and Pinyin mutation.

A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned

ICSE 2020 , download

Bingchang Liu , Guozhu Meng , Wei Zou , Qi Gong , Feng Li , Min Lin , Dandan Sun , Wei Huo , Chao Zhang .

Empirical Study on Vulnerability Distribution within Projects.

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

DSN 2020 , download

Weizhong Li , Kaiwen Shen , Run Guo , Baojun Liu , Jia Zhang , Haixin Duan , Shuang Hao , Xiarun Chen , Yao Wang .

Amplification Attacks Based on HTTP Range Requests

CDN Judo: Breaking the CDN DoS Protection with Itself

NDSS 2020 , download

Run Guo , Weizhong Li , Baojun Liu , Shuang Hao , Jia Zhang , Haixin Duan , Kaiwen Shen , Jianjun Chen , Ying Liu .

abuse CDN for DDoS attacks

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices

Future Internet 2020 , download

Miao Yu , Jianwei Zhuge , Ming Cao , Zhiwei Shi , Lin Jiang .

A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Selected as the journal issue cover Paper.

A Market in Dream: the Rapid Development of Anonymous Cybercrime

Mobile Networks and Applications 2020 , download

Gengqian Zhou , Jianwei Zhuge , Yunqian Fan , Kun Du .

Measurement of a darknet market - dream market.

MOPT: Optimized Mutation Scheduling for Fuzzers

USENIX Security 2019 , download

Chenyang Lyu , Shouling Ji , Chao Zhang , Yuwei Li , Wei-Han Lee , Yu Song , Raheem Beyah .

A fuzzing mutation scheduling strategy based on PSO.

Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)

ACM CCS 2018 , download

Yan Wang , Chao Zhang , Xiaobo Xiang , Zixuan Zhao , Wenjie Li , Xiaorui Gong , Bingchang Liu , Kaixiang Chen , Wei Zou .

Generate exploits for POCs that do not crash.

αDiff: Cross-Version Binary Code Similarity Detection with DNN

ASE 2018 , download

Bingchang Liu , Wei Huo , Chao Zhang , Wenchao Li , Feng Li , Aihua Piao , Wei Zou .

Detect binary code similarity with DNN.

CollAFL: Path Sensitive Fuzzing

IEEE Security & Privacy 2018 , download

Shuitao Gan , Chao Zhang , Xiaojun Qin , Xuwen Tu , Kang Li , Zhongyu Pei , Zuoning Chen .

Improve fuzzing efficiency with high accuracy control flow information.

Towards Efficient Heap Overflow Discovery

USENIX Security 2017 , download

Xiangkun Jia , Chao Zhang , Purui Su , Yi Yang , Huafeng Huang , Dengguo Feng .

Detect heap overflow vulnerabilities thoroughly with symbolic execution.