About me
I have been a Research Fellow at CYSREN@NTU since July 2023. Before that, I was a Ph.D. student at SCSE@NTU (School of Computer Science and Engineering, Nanyang Technological University) under the supervision of Prof. Liu Yang.
My research expertise mainly centers on building tools that facilitate vulnerability detection:
- Fuzz Driver Generation: LLM4FDG (ISSTA 24), Rubick (USENIX Sec 23), APICraft (USENIX Sec 21)
- Firmware Analysis: BVFinder (ICSE 24), EQUAFL (ISSTA 22), FirmGuide (ASE 21), ECMO (CCS 21)
- Model-Based Vulnerability Detection: Rengar (Oakland 23), EndWatch (ASE 23)
- General Fuzzing Improvements: Medusa (WWW 24), BiFF (ASE 21), MUZZ (USENIX Sec 20), Cerebro (FSE 19)
My works have received several awards from both academia and industry, such as the ACM SIGSOFT Distinguished Paper Awards of ASE 2023 and ICSE 2024, 2021 Most Influential Research Paper of Ant Finance, and 1st Award of Prototype Competition, Free Style Track, NASAC (ChinaSoft) 2019.
I’m also working as Project Co-Investigator for some research projects and mentoring several Ph.D. students. In the future, I plan to explore more possibilities in vulnerability detection, such as modeling new kinds of vulnerabilities, exploring LLM-assisted approaches, etc.
News
- Nov 2024: Our work “LLM Based Input Space Partitioning Testing for Library APIs” is accepted by ICSE 2025.
- Sep 2024: Our work “A Survey of Protocol Fuzzing” is accepted by ACM Computing Surveys.
- Aug 2024: Our work “Semantic-Enhanced Indirect Call Analysis with Large Language Models” is accepted by ASE 2024.
- Jul 2024: Our work “How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation” is accepted by ISSTA 2024.
- Jul 2024: Our work “Bugs in Pods: Understanding Bugs in Container Runtime Systems” is accepted by ISSTA 2024.
- May 2024: Our work “Achilles’ Heel of JS Engines: Exploiting Modern Browsers During WASM Execution” is accepted by Black Hat USA 2024.
- Mar 2024: Our paper “DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications” is accepted by ISSTA 2024.
- Jan 2024: Our paper “Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations” is accepted by WWW 2024.
- Oct 2023: Our paper “Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware” is accepted by ICSE 2024 (Acceptance Rate: 8%, 65/808; 10K+ USD Bug Bounty; ACM SIGSOFT Distinguished Paper Award).
- July 2023: Our paper “Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers” is accepted by ASE 2023.
- July 2023: Our paper “EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software” is accepted by ASE 2023 and has won an ACM SIGSOFT Distinguished Paper Award.
- April 2023: Our paper “Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation” is accepted by IEEE S&P 2023.
- October 2022: Our paper “Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation” is accepted by USENIX Security 2023.
- April 2022: Our paper “Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation” is accepted by ISSTA 2022.