Published Papers
(1) File Hijacking Vulnerability: The Elephant in the Room, Annual Network & Distributed System Security Symposium (NDSS) (CCF-A), 2024, 11th author
(2) RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing, 2023 IEEE Symposium on Security and Privacy (SP), 2023, 8th author
(3) Feedback-driven Fuzzing Technology Based on Partial Simulation of IoT Devices, Journal of Cyber Security (信息安全学报), 2023, 7th author
(4) ACETest: Automated Constraint Extraction for Testing Deep Learning Operators, ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) (CCF-A), 2023, 9th author
(5) Survey on Security Researches of Processor's Microarchitecture, Journal of Cyber Security (信息安全学报), 2022, 3rd author
(6) NDFuzz: a non-intrusive coverage-guided fuzzing framework for virtualized network devices, Cybersecurity, 2022, 9th author
(7) CAMFuzz: Explainable Fuzzing with Local Interpretation, CYBERSECURITY, 2022, 7th author
(8) SiCsFuzzer: A Sparse-instrumentation-based Fuzzing Platform for Closed Source Software, Journal of Cyber Security (信息安全学报), 2022, 7th author
(9) RIBDetector: an RFC-guided Inconsistency Bug Detecting Approach for Protocol Implementations, SANER, 2022, 5th author
(10) VERJava: Vulnerable Version Identification for Java OSS with a Two-Stage Analysis, 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME), 2022, 8th author
(11) Finding SMM Privilege-Escalation Vulnerabilities in UEFI Firmware with Protocol-Centric Static Analysis, 2022 IEEE Symposium on Security and Privacy (S&P), 2022, corresponding author
(12) A Sanitizer-centric Analysis to Detect Cross-Site Scripting in PHP Programs, 2022 IEEE International Symposium on Software Reliability Engineering (ISSRE), 2022, 7th author
(13) ESRFuzzer: an enhanced fuzzing framework for physical SOHO router devices to discover multi-Type vulnerabilities, CYBERSECURITY, 2021, 2nd author
(14) VIVA: Binary Level Vulnerability Identification via Partial Signature, SANER, 2021
(15) An Overview of Firmware Security Detection Techniques, Secrecy Science and Technology (保密科学技术), 2021, 3rd author
(16) SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, ACM Conference on Computer and Communications Security, 2021, 11th author
(17) B2SMatcher: fine-Grained version identification of open-Source software in binary files, CYBERSECURITY, 2021, 6th author
(18) Large-Scale Third-Party Library Detection in Android Markets, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2020, 8th author
(19) Research on Mutator Strategy-aware Parallel Fuzzing, Journal of Cyber Security (信息安全学报), 2020, 4th author
(20) ELAID: detecting integer-Overflow-to-Buffer-Overflow vulnerabilities by light-weight and accurate static analysis, CYBERSECURITY, 2020, 4th author
(21) MVP: Detecting Vulnerabilities using Patch-Enhanced Vulnerability Signatures, PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM, 2020, corresponding author
(22) A Large-Scale Empirical Study on Vulnerability Distribution within Projects and the Lessons Learned, 2020 ACM/IEEE 42ND INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE, CCF-A), 2020, 8th author
(23) Exploiting the Trust Between Boundaries: Discovering Memory Corruptions in Printers via Driver-Assisted Testing, LCTES 2020 (CCF-B), 2020, 9th author
(24) B2SFinder: Detecting Open-Source Software Reuse in COTS Software, 34TH IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2019), 2019, 13th author
(25) 1dVul: Discovering 1-day Vulnerabilities through Binary Patches, 2019 49TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN 2019), 2019, 7th author
(26) SRFuzzer: An Automatic Fuzzing Framework for Physical SOHO Router Devices to Discover Multi-Type Vulnerabilities, 35TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSA), 2019, corresponding author
(27) Open-Source License Violations of Binary Software at Large Scale, 2019 IEEE 26TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER), 2019, 11th author
(28) Research on The Software Vulnerability Analysis Architecture with The Knowledge, Exploration and State Plane, Journal of Cyber Security (信息安全学报), 2019, 4th author
(29) Constructing Benchmarks for Supporting Explainable Evaluations of Static Application Security Testing Tools, 2019 13TH INTERNATIONAL SYMPOSIUM ON THEORETICAL ASPECTS OF SOFTWARE ENGINEERING (TASE 2019), 2019, 3rd author
(30) Design and Implementation of a Background Traffic Management System for Network Scenarios, 2nd International Conference on Advances in Energy, Environment and Chemical Science (AEECS 2018), 2018, 3rd author
(31) RARE: An Efficient Static Fault Detection Framework for Definition-Use Faults in Large Programs, IEEE ACCESS, 2018, 3rd author
(32) Dynamic event sequence guidance for Android application vulnerability verification technology, Computer Engineering and Applications (计算机工程与应用), 2018, 3rd author
(33) A Light-weight and Accurate Method of Static Integer-Overflow-to-Buffer-Overflow Vulnerability Detection, The 14th International Conference on Information Security and Cryptology (Inscypt), 2018, 6th author
(34) alpha Diff: Cross-Version Binary Code Similarity Detection with DNN, PROCEEDINGS OF THE 2018 33RD IEEE/ACM INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE' 18), 2018, corresponding author
(35) Programmable Fuzzing Technology, Journal of Software (软件学报), 2018, 2nd author
(36) Ensuring Software Supply Chain Security Is a Systems Engineering Effort, China Information Security (中国信息安全), 2018, 2nd author
(37) Browser Fuzzing Technique Based on Pattern-Generation, Journal of Software (软件学报), 2018, 1st author
(38) LibD: Scalable and Precise Third-party Library Detection in Android Markets, 2017 IEEE/ACM 39TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2017, 8th author
(39) Locating Software Faults Based on Minimum Debugging Frontier Set, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 2017, 3rd author
(40) Dynamic resource awareness framework for parallel fuzzing, Application Research of Computers (计算机应用研究), 2017, 3rd author
(41) Survey on Attacking and Defending Technologies of Dynamic Code Generation, Journal of Cyber Security (信息安全学报), 2016, 2nd author
(42) Research and Implementation of Typical Document CVE Vulnerability Detection Tools, Netinfo Security (信息网络安全), 2014, 3rd author
(43) Survey of Scheduling Policies for Co-Run Degradation, Journal of Computer Research and Development (计算机研究与发展), 2014, 3rd author
(44) Efficient Scene-Sensitive Fault Detection Approach, Journal of Software (软件学报), 2014, 2nd author
(45) Effective Fault Localization Based on Minimum Debugging Frontier Set, PROCEEDINGS OF THE 2013 IEEE/ACM INTERNATIONAL SYMPOSIUM ON CODE GENERATION AND OPTIMIZATION (CGO), 2013, 2nd author
(46) A Propagation Engine Based Approach for Pointer Reference Fault Detection, Chinese Journal of Computers (计算机学报), 2013, 2nd author
(47) Automatic Breakpoint Generating Approach Based on Minimum Debugging Frontier Set, Journal of Software (软件学报), 2013, 2nd author
(48) A Precise and Scalable Static Checking Approach for Temporal Safety Property, Chinese Journal of Computers (计算机学报), 2012, 1st author
(49) Making It Practical and Effective: Fast and Precise May-Happen-in-Parallel Analysis, International conference on parallel architectures and compilation techniques (poster), 2012, 2nd author
(50) Can We Make It Faster? Efficient May-Happen-in-Parallel Analysis Revisited, 2012 13TH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS, AND TECHNOLOGIES (PDCAT 2012), 2012, 2nd author
(51) An Adaptive Debugging Approach for Wireless Sensor Network Applications, Chinese Journal of Computers (计算机学报), 2011, 2nd author
(52) Static Race Detection of Interrupt-Driven Programs, Journal of Computer Research and Development (计算机研究与发展), 2011, 1st author
(53) A Survey of Optimization Technology of Inclusion-Based Pointer Analysis, Chinese Journal of Computers (计算机学报), 2011, 2nd author
(54) A New Approach to Detect the Overlap between Runtime Stack and Static Data Sections, Computer Engineering and Applications (计算机工程与应用), 2006, 2nd author