AIS2 Lab

Lingnan University, Hong Kong SAR.

Welcome to AIS2 (Artificial Intelligence and Systems Security) Lab! AIS2Lab is an AI-oriented security research team established by Asst Prof. Daoyuan Wu in the Division of Industrial Data Science, School of Data Science at Lingnan University (LU), one of the eight UGC-funded universities in Hong Kong.

We adopt a systems security mindset to advance the security and trustworthiness of artificial intelligence in the era of Large Language Models (LLMs). At AIS2Lab, we are committed to conducting inter-disciplinary research that integrates knowledge and methodologies from computer science, artificial intelligence, law, healthcare, and other related fields. Our work aims to address emerging security challenges and promote responsible innovation across both technical and societal domains.

Specifically, our research focuses on the following key areas:

Large Language Model and AI Security: LLMs for Cybersecurity; Security of LLMs; AI Safety; LLM + Law.

Blockchain and Smart Contract Security: Chain & DeFi Security; Consensus Security; Transaction Compliance.

GPU Software and Medical System Security: AI Infrastructure Security; Healthcare and Medical System Security.

Novel Program Analysis and Mobile Security: Novel Program Analysis & Fuzzing; LLM for Mobile; EdgeAI Security.

Through close collaboration with experts from diverse disciplines, AIS2Lab aims to build secure and responsible AI systems that benefit both technology and society. To realize this vision, we are always seeking passionate and persistent students (PhD/RA/Postdoc/Interns) with backgrounds or strong interests in AI/LLMs, blockchain, GPU and medical software, programming languages, and fuzzing to join AIS2Lab. We value persistence and a commitment to research excellence.
Currently, we have the following priority openings:

We are hiring one RA or Postdoc (asap) who aspires to understand GPU software security or medical system security. Additionally, there is one funded PhD position (due: 30 Apr 2026), who expects to work on LLMs for software supply chain security (see our FSE'22, NDSS'23, USENIX'24, ASE'25 papers). If you are passionate about AI, security, or interdisciplinary research, feel free to Email Us with your CV! More details are available on Prof. Wu's homepage.

Self-financed PhD/MPhil positions are always available. They are used only in cases where applicants do not meet the scholarship requirements set by the university committee but are still academically qualified to pursue PhD/MPhil studies. In such cases, I will support you as a part-time RA, which will cover your tuition fees and provide some living allowance.

news

Jan 01, 2026 Our lab page goes online! :sparkles: :sparkles:
Sep 26, 2025 Four papers accepted by IEEE/ACM ASE 2025.
Aug 16, 2025 PI joined Lingnan University as a tenure-track Assistant Professor.

selected publications

  1. ASE
    Detecting Various DeFi Price Manipulations with LLM Reasoning
    Juantao Zhong, Daoyuan Wu, Ye Liu, Maoyi Xie, Yang Liu, Yi Li, and Ning Liu
    In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025
    Bib
  2. ASE
    Demystifying OpenZeppelin’s Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts
    Han Liu, Daoyuan Wu, Yuqiang Sun, Shuai Wang, Yang Liu, and Yixiang Chen
    In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025
    Bib
  3. ASE
    Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study
    Han Liu, Daoyuan Wu, Yuqiang Sun, Shuai Wang, and Yang Liu
    In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025
    Bib
  4. TSE
    ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts
    Lyuye Zhang, Kaixuan Li, Kairan Sun, Daoyuan Wu, Ye Liu, Haoye Tian, and Yang Liu
    IEEE Transactions on Software Engineering (TSE), 2025
    Bib
  5. CCS
    Measuring and Augmenting Large Language Models for Solving Capture-the-Flag Challenges
    Zimo Ji, Daoyuan Wu, Wenyuan Jiang, Pingchuan Ma, Zongjie Li, and Shuai Wang
    In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025
    Bib
  6. CCS
    Differentiation-Based Extraction of Proprietary Data from Fine-tuned LLMs
    Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su
    In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025
    Bib
  7. OOPSLA
    API-guided Dataset Synthesis to Finetune Large Code Models
    Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su
    Proceedings of the ACM on Programming Languages (OOPSLA), 2025
    Bib
  8. USENIX Security
    SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner
    Xunguang Wang, Daoyuan Wu, Zhenlan Ji, Zongjie Li, Pingchuan Ma, Shuai Wang, Yingjiu Li, Yang Liu, Ning Liu, and Juergen Rahmel
    In Proc. USENIX Security Symposium, 2025
    Bib
  9. USENIX Security
    Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators
    Kunpeng Zhang, Zongjie Li, Daoyuan Wu, Shuai Wang, and Xin Xia
    In Proc. USENIX Security Symposium, 2025
    Bib
  10. ISSTA
    DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code
    Wai Kin Wong, Daoyuan Wu, Huaijin Wang, Zongjie Li, Zhibo Liu, Shuai Wang, Qiyi Tang, Sen Nie, and Shi Wu
    Proceedings of the ACM on Software Engineering (ISSTA), 2025
    Bib
  11. ICSE
    Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models
    Yiteng Peng, Daoyuan Wu, Zhibo Liu, Dongwei Xiao, Zhenlan Ji, Juergen Rahmel, and Shuai Wang
    In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2025
    Bib
  12. ICSE
    Combining Fine-Tuning and LLM-Based Agents for Intuitive Smart Contract Auditing with Justifications
    Wei Ma, Daoyuan Wu, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, and Yang Liu
    In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2025
    Bib
  13. NDSS
    PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation
    Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu
    In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2025
    Distinguished Paper Award Bib
  14. DLT
    AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets
    Mengjie Chen, Xiao Yi, Daoyuan Wu, Jianliang Xu, Yingjiu Li, and Debin Gao
    ACM Distributed Ledger Technologies: Research and Practice (DLT), 2024
    Bib
  15. EMNLP
    Split and Merge: Aligning Position Biases in LLM-based Evaluators
    Zongjie Li, Chaozheng Wang, Pingchuan Ma, Daoyuan Wu, Shuai Wang, Cuiyun Gao, and Yang Liu
    In Proc. Conference on Empirical Methods in Natural Language Processing (EMNLP), 2024
    Bib
  16. USENIX Security
    Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts
    Han Liu, Daoyuan Wu, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, and Yixiang Chen
    In Proc. USENIX Security Symposium, 2024
    Bib
  17. EuroS&P
    MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search
    Zicheng Zhang, Haoyu Ma, Daoyuan Wu, Debin Gao, Xiao Yi, Yufan Chen, Yan Wu, and Lingxiao Jiang
    In Proc. IEEE European Symposium on Security and Privacy (EuroS&P), 2024
    Bib
  18. ICSE
    GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis
    Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu
    In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2024
    Bib
  19. ISSTA
    Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts
    Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, and Lingxiao Jiang
    In Proc. ACM International Symposium on Software Testing and Analysis (ISSTA), 2023
    Bib
  20. NDSS
    BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects
    Xiao Yi, Yuzhou Fang, Daoyuan Wu, and Lingxiao Jiang
    In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2023
    Bib
  21. FSE
    An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns
    Xiao Yi, Daoyuan Wu, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, and Wei Zhang
    In Proc. ACM Symposium on the Foundations of Software Engineering (FSE), 2022
    Bib
  22. RAID
    On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps
    Zicheng Zhang, Daoyuan Wu, Lixiang Li, and Debin Gao
    In Proc. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2021
    Bib
  23. DSN
    When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid
    Daoyuan Wu, Debin Gao, Robert H Deng, and Chang Rocky KC
    In Proc. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2021
    Bib
  24. EMSE
    Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls
    Daoyuan Wu, Debin Gao, and David Lo
    Springer Empirical Software Engineering (EMSE), 2021
    Bib
  25. DIMVA
    Understanding Android VoIP Security: A System-Level Vulnerability Assessment
    En He, Daoyuan Wu, and Robert H Deng
    In Springer International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2020
    Bib
  26. AsiaCCS
    Towards Understanding Android System Vulnerabilities: Techniques and Insights
    Daoyuan Wu, Debin Gao, Eric KT Cheng, Yichen Cao, Jintao Jiang, and Robert H Deng
    In Proc. ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2019
    Bib
  27. NDSS
    Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment
    Daoyuan Wu, Debin Gao, Rocky KC Chang, En He, Eric KT Cheng, and Robert H Deng
    In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2019
    Bib
  28. CODASPY
    SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications
    Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, and Robert H Deng
    In Proc. ACM Conference on Data and Applications Security and Privacy (CODASPY), 2018
    Bib
  29. USENIX ATC
    MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance
    Daoyuan Wu, Rocky KC Chang, Weichao Li, Eric KT Cheng, and Debin Gao
    In Proc. USENIX Annual Technical Conference (ATC), 2017
    Bib
  30. WASA
    Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps
    Daoyuan Wu, Ximing Liu, Jiayun Xu, David Lo, and Debin Gao
    In Proc. Springer International Conference on Wireless Algorithms, Systems, and Applications (WASA), 2017
    Bib
  31. MoST
    Indirect File Leaks in Mobile Applications
    Daoyuan Wu and Rocky KC Chang
    In Proc. IEEE Mobile Security Technologies (MoST), in conjunction with S&P, 2015
    Bib
  32. ISC
    Analyzing Android Browser Apps for file:// Vulnerabilities
    Daoyuan Wu and Rocky KC Chang
    In Proc. Springer Information Security Conference (ISC), 2014
    Bib