发表论文
(1) Devils in the Guidance: Predicting Logic Vulnerabilities in Payment Syndication Services through Automated Documentation Analysis, Proceedings of the 28th USENIX Security Symposium (CCF-A类), 2019, 第 7 作者(2) KEPLER: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities, Proceedings of the 28th USENIX Security Symposium (CCF-A类), 2019, 第 4 作者(3) Demystifying Hidden Privacy Settings in Mobile Apps, IEEE Symposium on Security and Privacy(S&P 2019) (CCF-A类), 2019, 其他(合作组作者)(4) FUZE: Towards facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities, Proceedings of the 27th USENIX Security Symposium 2018(CCF-A类), 2018, 第 6 作者(5) Revery: from Proof-of-Concept to Exploitable (One Step towards Automatic Exploit Generation), ACM Conference on Computer and Communications Security (CCF-A类), 2018, 第 9 作者(6) 基于模式生成的浏览器模糊测试技术, 软件学报, 2018, 第 8 作者(7) Exploiting Proximity-based Mobile Apps for Large-Scale Location Privacy Probing, Security and Communication Networks, 2018, 第 6 作者(8) αDiff: Cross-Version Binary Code Similarity Detection with DNN, Proceedings of the 2018 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE’18, CCF-A类), 2018, 第 7 作者(9) Mass Discovery of Android Imprints through Instantiated Partial Execution, The ACM Conference on Computer and Communications Security(CCF-A类), 2017, 第 6 作者(10) I know where you all are! Exploiting mobile social apps for large-scale laction privacy probing, Australasian Conference on Information Security and Privacy 2016, 2016, 第 4 作者(11) Following Devil's Footprints: Cross-Platform Analysis of Potentially Harmful Libraries on Android and iOS, 36th IEEE Symposium on Security and Privacy (IEEE S&P)(CCF-A类), 2016, 第 10 作者(12) 动态资源感知的并行化模糊测试框架, 计算机应用研究, 2016, 第 4 作者(13) 面向动态生成代码的攻防技术综述, 信息安全学报, 2016, 第 3 作者(14) Checksum-Aware Fuzzing Combined with Dynamic Taint Analysis and Symbolic Execution, ACM Transactions on Information and System Security (TISSEC), 2011, 第 4 作者(15) Using Type Analysis in Compiler to Eliminate Integer-Overflow-to-Buffer-Overflow Threat, Journal of Computer Security (JCS), 2011, 第 2 作者(16) PaSeM: 并行无冲突的网络流量会话管理, 计算机学报, 2010, 第 3 作者(17) 一种多项式时间的路径敏感的污点分析方法, 计算机学报, 2009, 通讯作者(18) 僵尸网络研究, 软件学报, 2008, 通讯作者(19) 基于扩展目标规划图的网络攻击规划识别算法, 计算机学报, 2006, 第 4 作者