Sysyphuzz: the Pressure of More Coverage
A kernel fuzzer designed to boost exploration of under-tested code regions.
学术论文
2026
FirmAgent: Leveraging Fuzzing to Assist LLM Agents with IoT Firmware Vulnerability Discovery
Leveraging fuzzing to assist LLM agents with IoT firmware vulnerability discovery.
2025
Tady: A Neural Disassembler without Structural Constraint Violations
A neural disassembler without structural constraint violations based on post-dominance relations.
IDFUZZ: Intelligent Directed Grey-box Fuzzings
An intelligent directed grey-box fuzzing solution with neural network guided input mutation.
DecompileBench: A Comprehensive Benchmark for Evaluating Decompilers in Real-World Scenarios
A comprehensive benchmark for evaluating decompiler effectiveness in real-world reverse engineering scenarios.
Cowpox: Towards the Immunity of VLM-based Multi-Agent Systems
A defense approach to enhance robustness of multi-agent systems against adversarial attacks.
xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition
A flexible framework for fine-grained, runtime-adaptive fuzzing strategy composition.
BinQuery: A Novel Framework for Retrieving Binary Function with Natural Language Query
A novel framework for retrieving binary functions using natural language queries.
DCDiff: Enhancing JPEG Compression via Diffusion-based DC Coefficients Estimation
Enhancing JPEG compression via diffusion-based DC coefficients estimation method.
VulShield: Protecting Vulnerable Code Before Deploying Patches
Protecting vulnerable code before deploying patches with automated security policies.
Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices
Constructing device behavior models from OS drivers to fuzz virtual devices.
EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis
Exposing hidden web interfaces in IoT devices via routing analysis and LLM context understanding.
CCTAG: Configurable and Combinable Tagged Architecture
A configurable and combinable tagged architecture for memory safety protection.
2024
CLAP: Learning Transferable Binary Code Representations with Natural Language Supervision
Learning transferable binary code representations with natural language supervision.
CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection
A cost-effective framework for large-scale binary code similarity detection.
SDFUZZ: Target States Driven Directed Fuzzing
Target states driven directed fuzzing.
OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers
Optimization path guided fuzzing for JavaScript JIT compilers.
Laser Shield: a Physical Defense with Polarizer against Laser Attacks on Autonomous Driving Systems
A physical defense with polarizer against laser attacks on autonomous driving systems.
LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices
Response guided directed fuzzing for black-box IoT devices.
ConFuzz: Towards Large Scale Fuzz Testing of Smart Contracts in Ethereum
Towards large scale fuzz testing of smart contracts in Ethereum.
SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection
Efficient fuzzing via Shapley-guided byte selection.
REQSMINER: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing
Automated discovery of CDN forwarding request inconsistencies and DoS attacks with grammar-based fuzzing.
EnclaveFuzz: Finding Vulnerabilities in SGX Applications
Finding vulnerabilities in SGX applications.
2023
KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations
macOS closed-source driver fuzzing
2022
HTFuzz: Heap Operation Sequence Sensitive Fuzzing
heap temporal vulnerability fuzzing
PG-VulNet: Detect Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs
we design and implement PG-VulNet, a tool for detecting Supply Chain Vulnerabilities in IoT Devices using Pseudo-code and Graphs.
StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing
state-aware fuzzing
PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation
driver fuzzing based on virtual device simulation
An Empirical Study on Implicit Constraints in Smart Contract Static Analysis
Smart contracts static vulnerability detection
2021
ROLoad: Securing Sensitive Operations with Pointee Integrity
Protect sensitive operations with hardware support.
ZKCPlus: Optimized Fair-exchange Protocol Supporting Practical and Flexible Data Exchange
An optimized fair-exchange protocol
Igor: Crash Deduplication Through Root-Cause Clustering
deduplicate crash samples
VScape: Assessing and Escaping Virtual Call Protections
Bypass virtual protections towards AEG.
Sharing More and Checking Less: Leveraging Common Input Keywords to Detect Bugs in Embedded Systems
Finding vulnerabilities in embedded systems
MAZE: Towards Automated Heap Feng Shui
Manipulate heap layouts automatically.
RAProducer: Efficiently Diagnose and Reproduce Data Race Bugs for Binaries via Trace Analysis
diagnosing data race bugs
iDEV: Exploring and Exploiting Semantic Deviations in ARM Instruction Processing
discovering inconsistencies in ARM instruction processing
Weak Links in Authentication Chains: A Large-scale Analysis of Email Sender Spoofing Attacks
This work explored the vulnerabilities of the chain-based authentication structure in the email ecosystem. We conducted a large-scale analysis of 30 popular email services and 23 email clients.
Code is the (F)Law: Demystifying and Mitigating Blockchain Inconsistency AttacksCaused by Software Bugs
Exploit vulnerabilities in blockchains
Adapting to local conditions: Similarities and differences in anonymous online market between Chinese and English Speaking Communities
Similarities and differences in anonymous online market between Chinese and English Speaking Communities
POP and PUSH: Demystifying and Defending against (Mach) Port-Oriented Programming
Mitigate port-oriented programming attacks for macOS
From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
we design and implement ICScope, a passive vulnerability assessment system based on device search engines.
Argot: Generating Adversarial Readable Chinese Texts
Generate adversarial Chinese texts with Glyph and Pinyin mutation.
2020
Talking with Familiar Strangers: An Empirical Study on HTTPS Context Confusion Attacks
HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack)
Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms
Measurement of CFI solutions’ security
Poison Over Troubled Forwarders: A Cache Poisoning Attack Targeting DNS Forwarding Devices
A cache poisoning attack targeting DNS forwarders.
GREYONE: Data Flow Sensitive Fuzzing
Improve fuzzing efficiency with lightweight data flow analysis.
FANS: Fuzzing Android Native System Services via Automated Interface Analysis
Fuzzing Android Binder services with automated interface analysis.
DRAMD: Detect Advanced DRAM-based Stealthy Communication Channels with Neural Networks
AI-based Side Channel and Covert Channel Detection.
A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned
Empirical Study on Vulnerability Distribution within Projects.
CDN Backfired: Amplification Attacks Based on HTTP Range Requests
Amplification Attacks Based on HTTP Range Requests
Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches
Mitigating DDoS Attacks with P4
When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN
Packet Hijacking in SDN
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices
A Survey of Security Vulnerability Analysis, Discovery, Detection, and Mitigation on IoT Devices. Selected as the journal issue cover Paper.
A Market in Dream: the Rapid Development of Anonymous Cybercrime
Measurement of a darknet market - dream market.
2019
以历史地理学方法考证诸葛氏之起源
以历史地理学方法考证诸葛氏之起源,发表于2019年诸葛亮研究会年会
Detecting Fake Accounts in Online Social Networks at the Time of Registrations
Fake account detection for WeChat
Certificate Transparency in the Wild: Exploring the Reliability of Monitors
Exploring the Reliability of CT Monitors
MOPT: Optimized Mutation Scheduling for Fuzzers
A fuzzing mutation scheduling strategy based on PSO.
The CrossPath Attack: Disrupting the SDN Control Channel via Shared Link
Shared channels in SDN: attacks and defense
2018
Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation)
Generate exploits for POCs that do not crash.
αDiff: Cross-Version Binary Code Similarity Detection with DNN
Detect binary code similarity with DNN.
CollAFL: Path Sensitive Fuzzing
Improve fuzzing efficiency with high accuracy control flow information.
2017
Towards Efficient Heap Overflow Discovery
Detect heap overflow vulnerabilities thoroughly with symbolic execution.
2016
VTrust: Regaining Trust on Virtual Calls
protecting virtual function calls for programs with source code
2015
JITScope: Protecting Web Users from Control-Flow Hijacking Attacks
a control flow integrity (CFI) solution for JIT code
VTint: Protecting Virtual Function Tables’ Integrity
protecting virtual function calls for binaries
Exploiting and Protecting Dynamic Code Generation
a control flow integrity (CFI) solution for JIT code
2013
Practical Control Flow Integrity & Randomization for Binary Executables
a control flow integrity (CFI) solution for binaries
2012
A Framework to Eliminate Backdoors from Response-Computable Authentication
a framework to mitigate backdoor threats