Cen Zhang

Cen Zhang (张岑)

Security Researcher

Singapore

Email Google Scholar GitHub Twitter ORCID

I am currently a postdoctoral researcher at SSLab@Gatech under the supervision of Prof. Taesoo Kim, and the Java bug finding team leader of Team-Atlanta (1st place winner of AIxCC Competition with $4,000,000 award). Prior to this, I was a postdoc and Ph.D. student at the CCDS at Nanyang Technological University (NTU) under the guidance of Prof. Liu Yang since 2019.

My research expertise mainly centers around building tools facilitating vulnerability detection:

  • Fuzz Driver Generation: LLM4FDG (ISSTA 24), Rubick (USENIX Sec 23), APICraft (USENIX Sec 21)
  • Firmware Analysis: FirmWell (NDSS 2026), BVFinder (ICSE 24), EQUAFL (ISSTA 22), FirmGuide (ASE 21), ECMO (CCS 21)
  • Model-Based Vulnerability Detection: Rengar (Oakland 23), Endwatch (ASE 23)
  • General Fuzzing Improvements: Medusa (WWW 24), BiFF (ASE 21), MUZZ (USENIX Sec 20), Cerebro (FSE 19)

My works have received several awards from both academia and industry, such as the AIxCC 1st place Winner, ACM SIGSOFT Distinguished Paper Awards of ASE 2023 and ICSE 2024, 2021 Most Influential Research Paper of Ant Finance, and 1st Award of Prototype Competition, Free Style Track, NASAC (ChinaSoft) 2019.

I was also working as Project Co-Investigator for some research projects and mentoring several Ph.D students. In the future, I plan to explore more possibilities on vulnerability detection, such as modeling new kinds of vulnerabilities, exploring LLM-assisted approaches, etc.

News

  • Aug 2025 Our work "User-Space Dependency-Aware Rehosting for Linux-Based Firmware Binaries" is accepted by NDSS 2026.
  • Aug 2025 Thrilled to share our CRS has won the 1st place of AIxCC competition with $4,000,000 award!
  • Jul 2025 Our work "VULCANBOOST" is accepted by USENIX Security 2025. Honorable Mentions, 6% (25/407) of accepted papers
  • Jun 2025 Excited to serve on the Program Committee for ASE 2025!
  • Mar 2025 Excited to serve on the Program Committee for ACSAC 2025!

Publications

You can also find my articles on Google Scholar. (* = co-first author)

2026

  • User-Space Dependency-Aware Rehosting for Linux-Based Firmware Binaries
    Chuan Qin*, Cen Zhang*, Yaowen Zheng, Puzhuo Liu, Jian Zhang, Yeting Li, Weidong Zhang, Yang Liu, Limin Sun
    NDSS 2026

2025

  • ATLANTIS: AI-driven Threat Localization, Analysis, and Triage Intelligence System
    Team Atlanta (Cen Zhang works as the Atlantis-Java sub-team leader)
    Arxiv 2025 Technical report for DARPA AIxCC Competition 1st Place Winner system.
  • VULCANBOOST: Boosting ReDoS Fixes through Symbolic Representation and Feature Normalization
    Yeting Li, Yecheng Sun, Zhiwu Xu, Haiming Chen, Xinyi Wang, Hengyu Yang, Huina Chao, Cen Zhang, Yang Xiao, Yanyan Zou, Feng Li, Wei Huo
    USENIX Security 2025 Honorable Mentions, 6% (25/407) of the accepted papers
  • Smart Contract Fuzzing Towards Profitable Vulnerabilities
    Ziqiao Kong, Cen Zhang, Maoyi Xie, Ming Hu, Yue Xue, Ye Liu, Haijun Wang, Yang Liu
    FSE 2025
  • LLM Based Input Space Partitioning Testing for Library APIs
    Jiageng Li, Zhen Dong, Chong Wang, Haozhen You, Cen Zhang, Yang Liu, Xin Peng
    ICSE 2025

2024

  • A Survey of Protocol Fuzzing
    Xiaohan Zhang*, Cen Zhang*, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng, Yeting Li, Li Pan, Yang Liu, Robert Deng
    ACM Computing Surveys
  • Semantic-Enhanced Indirect Call Analysis with Large Language Models
    Baijun Cheng, Cen Zhang, Kailong Wang, Ling Shi, Yang Liu, Haoyu Wang, Yao Guo, Xiangqun Chen
    ASE 2024
  • How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation
    Cen Zhang, Yaowen Zheng, Mingqiang Bai, Yeting Li, Wei Ma, Xiaofei Xie, Yuekang Li, Limin Sun, Yang Liu
    ISSTA 2024
  • Bugs in Pods: Understanding Bugs in Container Runtime Systems
    Jiongchi Yu, Xiaofei Xie, Cen Zhang, Sen Chen, Yuekang Li, Wenbo Shen
    ISSTA 2024
  • Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution
    Bohan Liu, Zong Cao, Zheng Wang, Yeqi Fu, Cen Zhang
    Black Hat USA 2024
  • DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications
    Maoyi Xie, Ming Hu, Ziqiao Kong, Cen Zhang, Yebo Feng, Haijun Wang, Yue Xue, Hao Zhang, Ye Liu, Yang Liu
    ISSTA 2024
  • Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations
    Zhengjie Du, Yuekang Li, Yaowen Zheng, Xiaohan Zhang, Cen Zhang, Yi Liu, Sheikh Mahbub Habib, Xinghua Li, Linzhang Wang, Yang Liu, Bing Mao
    WWW 2024
  • Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
    Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo
    ICSE 2024 ACM SIGSOFT Distinguished Paper Award Acceptance Rate: 8% (65/808), 10K+ USD Bug Bounty

2023

  • Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers
    Yi Liu, Yuekang Li, Gelei Deng, Yao Du, Cen Zhang, Chengwei Liu, Yeting Li, Lei Ma, Yang Liu
    ASE 2023
  • EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software
    Yao Zhang, Xiaofei Xie, Yi Li, Sen Chen, Cen Zhang, Xiaohong Li
    ASE 2023 ACM SIGSOFT Distinguished Paper Award
  • Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
    Xinyi Wang*, Cen Zhang*, Yeting Li, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, and Wei Huo
    IEEE S&P 2023
  • Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation
    Cen Zhang, Yuekang Li, Hao Zhou, Xiaohan Zhang, Yaowen Zheng, Xian Zhan, Xiaofei Xie, Xiapu Luo, Xinghua Li, Yang Liu, and Sheikh Mahbub Habib
    USENIX Security 2023

2022

2021

2020

  • Ori: A Greybox Fuzzer for SOME/IP Protocols in Automotive Ethernet
    Yuekang Li, Hongxu Chen, Cen Zhang, Siyang Xiong, Chaoyi Liu, and Yi Wang
    APSEC 2020 Best Paper Award in Early Research Achievement Track
  • MUZZ: Thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs
    Hongxu Chen, Shengjian Guo, Yinxing Xue, Yulei Sui, Cen Zhang, Yuekang Li, Haijun Wang, and Yang Liu
    USENIX Security 2020

2019

  • BiFF: An Effective Binary Fuzzing Framework with Cross-Architecture Support
    Cen Zhang, Yuekang Li, Hongxu Chen, Anh Quynh Nguyen, Yang Liu
    NASAC 2019 First Award in Software Prototype Competition Free Track
  • Cerebro: context-aware adaptive fuzzing for effective vulnerability detection
    Yuekang Li, Yinxing Xue, Hongxu Chen, Xiuheng Wu, Cen Zhang, Xiaofei Xie, Haijun Wang, and Yang Liu
    ESEC/FSE 2019

Awards

  • AIxCC 1st Place Winner — DARPA AI Cyber Challenge
  • Honorable Mention Award — USENIX Security 2025 (Top 6%, 25/407)
  • Best Paper Award for Thrust B Projects — Continental-NTU Corporate Lab 2024
  • ACM SIGSOFT Distinguished Paper Award — ICSE 2024
  • ACM SIGSOFT Distinguished Paper Award — ASE 2023
  • Best Paper Award of Year 2021 — Most Influential Research Paper Election of Ant Finance
  • Best Early-Research-Achievement Paper — APSEC 2020
  • 1st Award in Prototype Competition (freestyle track) — NASAC 2019

Professional Services

Program Committee

2027: ICSE · FSE
2026: ASE (Research, NIER) · ACSAC
2025: ASE (Research, NIER) · ACSAC · ISSTA (EXPRESS) · ICECCS · Oakland (HMISA) · IJCAI (Survey) · Internetware (Tool Demo) · ICDM (LLM4Sec) · EuroSys (Shadow) · MSR (Junior)

Journal Reviewing

TOSEM · TSE · TIFS · IEEE TR · TDSC

Tools

  • OSS-CRS — Open Source Cyber Reasoning System: orchestrate autonomous CRSs for OSS-Fuzz-style targets — bug-finding, bug-fixing, triage, and ensembles, all behind one CLI [Site] [GitHub]
  • fuzzdrivergpt — A GPT-Based Fuzz Driver Generator [GitHub]