I am a Research Fellow in CYSREN@NTU since July 2023. Before that, I was a Ph.D student at SCSE@NTU (School of Computer Science and Engineering, Nanyang Technological University) under the supervision of Prof. Liu Yang.

My research expertise mainly center around building tools factilitating vulnerability detection:

• Fuzz Driver Generation: Rubick (USENIX Sec 23), APICraft (USENIX Sec 21)
• Firmware Analysis: BVFinder (ICSE 24), EQUAFL (ISSTA 22), FirmGuide (ASE 21), ECMO (CCS 21)
• Model-Based Vulnerability Detection: Rengar (Oakland 23), Endwatch (ASE 23)
• General Fuzzing Improvements: Medusa (WWW 24), BiFF (ASE 21), MUZZ (USENIX Sec 20), Cerebro (FSE 19)

My works have received several awards from both academia and industry, such as the ACM SIGSOFT Distinguished Paper Awards of ASE 2023 and ICSE 2024, 2021 Most Influential Research Paper of Ant Finance, and 1st Award of Prototype Competition, Free Style Track, NASAC (ChinaSoft) 2019.

I’m also working as Project Co-Investigator for some research projects and mentoring several Ph.D students. In the future, I plan to explore more possibilities on vulnerability detection, such as modeling new kinds of vulnerbilities, exploring LLM-assisted approaches, etc.

News

•   I'm in the job market!
•   Mar 2024: Our paper “DeFort: Automatic Detection and Analysis of Price Manipulation Attacks in DeFi Applications” is accepted by ISSTA 2024.
•   Jan 2024: Our paper “Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations” is accepted by WWW 2024.
•   Oct 2023: Our paper “Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware” is accepted by ICSE 2024, Acceptance Rate: 8%, 65/808, 10K+ USD Bug Bounty ACM SIGSOFT Distinguished Paper Award.
•   July 2023: Our paper “Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers” is accepted by ASE 2023.
•   July 2023: Our paper “EndWatch: A Practical Method for Detecting Non-Termination in Real-World Software” is accepted by ASE 2023 and has won ACM SIGSOFT Distinguished Paper Award.
•   April 2023: Our paper “Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation” is accepted by IEEE S&P 2023.
•   October 2022: Our paper “Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation” is accepted by Usenix Security 2023.
•   April 2022: Our paper “Efficient Greybox Fuzzing of Applications in Linux-based IoT Devices via Enhanced User-mode Emulation” is accepted by ISSTA 2022.