学术论文

2026

Sysyphuzz: the Pressure of More Coverage

NDSS 2026 , download

Zezhong Ren , Han Zheng , Zhiyao Feng , Qinying Wang , Marcel Busch , Yuqing Zhang , Chao Zhang , Mathias Payer .

A kernel fuzzer designed to boost exploration of under-tested code regions.

FirmAgent: Leveraging Fuzzing to Assist LLM Agents with IoT Firmware Vulnerability Discovery

NDSS 2026 , download

Jiangan Ji , Chao Zhang , Shuitao Gan , Lin Jian , Hangtian Liu , Tieming Liu , Lei Zheng , Zhipeng Jia .

Leveraging fuzzing to assist LLM agents with IoT firmware vulnerability discovery.

2025

Improving LLM-based Log Parsing by Learning from Errors in Reasoning Traces

ASE 2025 , download

Jialai Wang , Juncheng Lu , Jie Yang , Junjie Wang , Zeyu Gao , Chao Zhang , Zhenkai Liang , Ee-Chien Chang .

Improving LLM-based log parsing by learning from errors in reasoning traces.

Tady: A Neural Disassembler without Structural Constraint Violations

USENIX Security 2025 , download

Siliang Qin , Fengrui Yang , Hao Wang , Bolun Zhang , Zeyu Gao , Chao Zhang , Kai Chen .

A neural disassembler without structural constraint violations based on post-dominance relations.

IDFUZZ: Intelligent Directed Grey-box Fuzzings

USENIX Security 2025 , download

Yiyang Chen , Chao Zhang , Long Wang , Wenyu Zhu , Changhua Luo , Nuoqi Gui , Zheyu Ma , Xingjian Zhang , Bingkai Su .

An intelligent directed grey-box fuzzing solution with neural network guided input mutation.

DecompileBench: A Comprehensive Benchmark for Evaluating Decompilers in Real-World Scenarios

ACL 2025 , download

Zeyu Gao , Yuxin Cui , Hao Wang , Siliang Qin , Yuanda Wang , Zhang Bolun , Chao Zhang .

A comprehensive benchmark for evaluating decompiler effectiveness in real-world reverse engineering scenarios.

Cowpox: Towards the Immunity of VLM-based Multi-Agent Systems

ICML 2025 , download

Yutong Wu , Jie Zhang , Yiming Li , Chao Zhang , Qing Guo , Han Qiu , Nils Lukas , Tianwei Zhang .

A defense approach to enhance robustness of multi-agent systems against adversarial attacks.

xFUZZ: A Flexible Framework for Fine-Grained, Runtime-Adaptive Fuzzing Strategy Composition

ISSTA 2025 , download

Dongsong Yu , Yiyi Wang , Chao Zhang , Yang Lan , Zhiyuan Jiang , Shuitao Gan , Zheyu Ma , Wende Tan .

A flexible framework for fine-grained, runtime-adaptive fuzzing strategy composition.

Enhancing Smart Contract Security Analysis with Execution Property Graphs

ISSTA 2025 , download

Kaihua Qin , Zhe Ye , Zhun Wang , Weilin Li , Liyi Zhou , Chao Zhang , Dawn Song , Arthur Gervais .

Clue framework achieves superior smart contract security analysis with high true positive rates and low false positive rates using Execution Property Graphs.

BinQuery: A Novel Framework for Retrieving Binary Function with Natural Language Query

ISSTA 2025 , download

Bolun Zhang , Zeyu Gao , Hao Wang , Yuxin Cui , Siliang Qin , Chao Zhang , Kai Chen , Beibei Zhao .

A novel framework for retrieving binary functions using natural language queries.

DCDiff: Enhancing JPEG Compression via Diffusion-based DC Coefficients Estimation

DAC 2025 , download

Ziyuan Zhang , Han Qiu , Tianwei Zhang , Bin Chen , Chao Zhang .

Enhancing JPEG compression via diffusion-based DC coefficients estimation method.

Your Scale Factors are My Weapon: Targeted Bit-Flip Attacks on Vision Transformers via Scale Factor Manipulation

CVPR 2025 , download

Jialai Wang , Yuxiao Wu , Weiye Xu , Yating Huang , Chao Zhang , Zongpeng Li , Mingwei Xu , Zhenkai Liang .

Targeted bit-flip attacks on vision transformers via scale factor manipulation.

A Benchmark for Semantic Sensitive Information in LLM’s Outputs

ICLR 2025 , download

Qingjie Zhang , Han Qiu , Di Wang , Yiming Li , Tianwei Zhang , Wenyu Zhu , Haiqing Weng , Liu Yan , Chao Zhang .

A benchmark for semantic sensitive information in LLM’s outputs.

An Engorgio Prompt Makes Large Language Model Babble On

ICLR 2025 , download

Jianshuo Dong , Ziyuan Zhang , Qingjie Zhang , Tianwei Zhang , Hao Wang , Hewu Li , Qi Li , Chao Zhang , Ke Xu , Han Qiu .

An engorgio prompt makes large language model babble on.

VulShield: Protecting Vulnerable Code Before Deploying Patches

NDSS 2025 , download

Yuan Li , Chao Zhang , Jinhao Zhu , Penghui Li , Chenyang Li , Songtao Yang , Wende Tan .

Protecting vulnerable code before deploying patches with automated security policies.

Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices

NDSS 2025 , download

Zheyu Ma , Qiang Liu , Zheming Li , Tingting Yin , Wende Tan , Chao Zhang , Mathias Payer .

Constructing device behavior models from OS drivers to fuzz virtual devices.

EAGLEYE: Exposing Hidden Web Interfaces in IoT Devices via Routing Analysis

NDSS 2025 , download

Hangtian Liu , Lei Zheng , Shuitao Gan , Chao Zhang , Zicong Gao , Hongqi Zhang , Yishun Zeng , Zhiyuan Jiang , Jiahai Yang .

Exposing hidden web interfaces in IoT devices via routing analysis and LLM context understanding.

CCTAG: Configurable and Combinable Tagged Architecture

NDSS 2025 , download

Zhanpeng Liu , Yi Rong , Chenyang Li , Wende Tan , Yuan Li , Xinhui Han , Songtao Yang , Chao Zhang .

A configurable and combinable tagged architecture for memory safety protection.

2024

Sublinear Distributed Product Checks on Replicated Secret-Shared Data over Z2𝑘 Without Ring Extensions

CCS 2024 , download

Yun Li , Daniel Escudero , Yufei Duan , Zhicong Huang , Cheng Hong , Chao Zhang , Yifan Song .

Sublinear distributed product checks on replicated secret-shared data over Z2𝑘 without ring extensions.

Test Suites Guided Vulnerability Validation for Node.js Applications

CCS 2024 , download

Changhua Luo , Penghui Li , Wei Meng , Chao Zhang .

Test suites guided vulnerability validation for Node.js applications.

CLAP: Learning Transferable Binary Code Representations with Natural Language Supervision

ISSTA 2024 , download

Hao Wang , Zeyu Gao , Chao Zhang , Zihan Sha , Mingyang Sun , Yuchen Zhou , Wenyu Zhu , Wenju Sun , Han Qiu , Xi Xiao .

Learning transferable binary code representations with natural language supervision.

CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection

ISSTA 2024 , download

Hao Wang , Zeyu Gao , Chao Zhang , Mingyang Sun , Yuchen Zhou , Han Qiu , Xi Xiao .

A cost-effective framework for large-scale binary code similarity detection.

Virtual Compiler Is All You Need For Assembly Code Search

ACL 2024 , download

Zeyu Gao , Hao Wang , Yuanda Wang , Chao Zhang .

Virtual compiler is all you need for assembly code search.

SDFUZZ: Target States Driven Directed Fuzzing

USENIX Security 2024 , download

Penghui Li , Wei Meng , Chao Zhang .

Target states driven directed fuzzing.

OptFuzz: Optimization Path Guided Fuzzing for JavaScript JIT Compilers

USENIX Security 2024 , download

Jiming Wang , Yan Kang , Chenggang Wu , Yuhao Hu , Yue Sun , Jikai Ren , Yuanming Lai , Mengyao Xie , Charles Zhang , Tao Li , Zhe Wang .

Optimization path guided fuzzing for JavaScript JIT compilers.

Improving ML-based Binary Function Similarity Detection by Assessing and Deprioritizing Control Flow Graph Features

USENIX Security 2024 , download

Jialai Wang , Chao Zhang , Longfei Chen , Yi Rong , Yuxiao Wu , Hao Wang , Wende Tan , Qi Li , Zongpeng Li .

Improving ml-based binary function similarity detection by assessing and deprioritizing control flow graph features.

Laser Shield: a Physical Defense with Polarizer against Laser Attacks on Autonomous Driving Systems

DAC 2024 , download

Qingjie Zhang , Lijun Chi , Di Wang , Mounira Msahli , Gerard Memmi , Tianwei Zhang , Chao Zhang , Han Qiu .

A physical defense with polarizer against laser attacks on autonomous driving systems.

Break the Wall from Bottom: Automated Discovery of Protocol-Level Evasion Vulnerabilities in Web Application Firewalls

IEEE S&P 2024 , download

Qi Wang , Jianjun Chen , Zheyu Jiang , Run Guo , Ximeng Liu , Chao Zhang , Haixin Duan .

Automated discovery of protocol-level evasion vulnerabilities in web application firewalls.

LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices

IEEE S&P 2024 , download

Hangtian Liu , Shuitao Gan , Chao Zhang , Zicong Gao , Hongqi Zhang , Xiangzhi Wang , Guangming Gao .

Response guided directed fuzzing for black-box IoT devices.

ConFuzz: Towards Large Scale Fuzz Testing of Smart Contracts in Ethereum

INFOCOM 2024 , download

Taiyu Wong , Chao Zhang , Yuandong Ni , Mingsen Luo , HeYing Chen , Yufei Yu , Weilin Li , Xiapu Luo , Haoyu Wang .

Towards large scale fuzz testing of smart contracts in Ethereum.

On the Effectiveness of Function-Level Vulnerability Detectors for Inter-Procedural Vulnerabilities

ICSE 2024 , download

Zhen Li , Ning Wang , Deqing Zou , Yating Li , Ruqian Zhang , Shouhuai Xu , Chao Zhang , Hai Jin .

On the effectiveness of function-level vulnerability detectors for inter-procedural vulnerabilities.

SHAPFUZZ: Efficient Fuzzing via Shapley-Guided Byte Selection

NDSS 2024 , download

Kunpeng Zhang , Xiaogang Zhu , Xiao Xi , Minhui Xue , Chao Zhang , Sheng Wen .

Efficient fuzzing via Shapley-guided byte selection.

REQSMINER: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing

NDSS 2024 , download

Linkai Zheng , Xiang Li , Chuhan Wang , Run Guo , Haixin Duan , Jianjun Chen , Chao Zhang , Kaiwen Shen .

Automated discovery of CDN forwarding request inconsistencies and DoS attacks with grammar-based fuzzing.

Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack

NDSS 2024 , download

Hao Zhou , Shuohan Wu , Chenxiong Qian , Xiapu Luo , Haipeng Cai , Chao Zhang .

Uncovering the unprotected components of android against overlay attack.

Faster and Better: Detecting Vulnerabilities in Linux-based IoT Firmware with Optimized Reaching Definition Analysis

NDSS 2024 , download

Zicong Gao , Chao Zhang , Hangtian Liu , Wenhou Sun , Zhizhuo Tang , Liehui Jiang , Jianjun Chen , Yong Xie .

Detecting vulnerabilities in linux-based iot firmware with optimized reaching definition analysis.

EnclaveFuzz: Finding Vulnerabilities in SGX Applications

NDSS 2024 , download

Liheng Chen , Zheming Li , Zheyu Ma , Yuan Li , Baojian Chen , Chao Zhang .

Finding vulnerabilities in SGX applications.

2023

Unmasking Role-Play Attack Strategies in Exploiting Decentralized Finance (DeFi) Systems

ACM DeFi 2023 , download

Weilin Li , Zhun Wang , Chenyu Li , Heying Chen , Taiyu Wong , Pengyu Sun , Yufei Yu , Chao Zhang .

Unmasking role-play attack strategies in exploiting decentralized finance systems.

Under the Dark: A Systematical Study of Stealthy Mining Pools (Ab)use in the Wild

ACM CCS 2023 , download

Zhenrui Zhang , Geng Hong , Xiang Li , Zhuoqun Fu , Jia Zhang , Mingxuan Liu , Chuhan Wang , Jianjun Chen , Baojun Liu , Haixin Duan , Chao Zhang , Min Yang .

A systematic study of stealthy mining pools abuse in the wild.

One Simple API Can Cause Hundreds of Bugs: An Analysis of Refcounting Bugs in All Modern Linux Kernels

SOSP 2023 , download

Liang He , Purui Su , Chao Zhang , Yan Cai , Jinxin Ma .

An analysis of refcounting bugs in all modern Linux kernels.

One-bit Flip is All You Need: When Bit-flip Attack Meets Model Training

ICCV 2023 , download

Jianshuo Dong , Han Qiu , Yiming Li , Tianwei Zhang , Yuanjie Li , Zeqi Lai , Chao Zhang , Shu-Tao Xia .

Exploring bit-flip attacks in the context of model training.

Thunderkaller: Profiling and Improving the Performance of Syzkaller

ASE 2023 , download

Yang Lan , Di Jin , Zhun Wang , Wende Tan , Zheyu Ma , Chao Zhang .

Profiling and improving the performance of syzkaller.