Publication

2026

1. OOPSLA

   LLM-Powered Silent Bug Fuzzing in Deep Learning Libraries via Versatile and Controlled Bug Transfer

   Kunpeng Zhang, Dongwei Xiao, Daoyuan Wu, Shuai Wang, Jiali Zhao, Yuanyi Lin, Tongtong Xu, and Shaohua Wang

   Proceedings of the ACM on Programming Languages (OOPSLA), 2026

   Bib

   @article{zhang2026llmpowered,
     llm4sec = {true},
     title = {LLM-Powered Silent Bug Fuzzing in Deep Learning Libraries via Versatile and Controlled Bug Transfer},
     author = {Zhang, Kunpeng and Xiao, Dongwei and Wu, Daoyuan and Wang, Shuai and Zhao, Jiali and Lin, Yuanyi and Xu, Tongtong and Wang, Shaohua},
     journal = {Proceedings of the ACM on Programming Languages (OOPSLA)},
     year = {2026}
   }

2. EuroSys

   No More Translation at Runtime: LLM-Empowered Static Binary Translation

   Zhibo Liu, Huaijin Wang, Wai Kin Wong, Daoyuan Wu, and Shuai Wang

   In Proc. ACM SIGOPS European Conference on Computer Systems (EuroSys), 2026

   Bib

   @inproceedings{liu2026nomoretranslation,
     top_sys_conf = {true},
     llm4sec = {true},
     title = {No More Translation at Runtime: LLM-Empowered Static Binary Translation},
     author = {Liu, Zhibo and Wang, Huaijin and Wong, Wai Kin and Wu, Daoyuan and Wang, Shuai},
     booktitle = {Proc. ACM SIGOPS European Conference on Computer Systems (EuroSys)},
     year = {2026}
   }

3. ICLR

   GuidedBench: Measuring and Mitigating the Evaluation Discrepancies of In-the-wild LLM Jailbreak Methods

   Ruixuan Huang, Xunguang Wang, Zongjie Li, Daoyuan Wu, and Shuai Wang

   In Proc. International Conference on Learning Representations (ICLR), 2026

   Bib

   @inproceedings{huang2026guidedbench,
     top_ai_conf = {true},
     title = {GuidedBench: Measuring and Mitigating the Evaluation Discrepancies of In-the-wild LLM Jailbreak Methods},
     author = {Huang, Ruixuan and Wang, Xunguang and Li, Zongjie and Wu, Daoyuan and Wang, Shuai},
     booktitle = {Proc. International Conference on Learning Representations (ICLR)},
     year = {2026}
   }

4. USENIX Security

   Lost in Blockchain Address Misuse: Hidden Cross-Platform Risks and Their Security Impact

   Zhenzhe Shao, Jiashuo Zhang, Zihao Li, Daoyuan Wu, Chong Chen, Yiming Shen, Lingfeng Bao, Yanlin Wang, and Jiachi Chen

   In Proc. USENIX Security Symposium, 2026

   Bib

   @inproceedings{shao2026lost,
     title = {Lost in Blockchain Address Misuse: Hidden Cross-Platform Risks and Their Security Impact},
     author = {Shao, Zhenzhe and Zhang, Jiashuo and Li, Zihao and Wu, Daoyuan and Chen, Chong and Shen, Yiming and Bao, Lingfeng and Wang, Yanlin and Chen, Jiachi},
     booktitle = {Proc. USENIX Security Symposium},
     year = {2026}
   }

5. USENIX Security

   Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem

   Mingyuan Huang, Han Liu, Shuo Yang, Daoyuan Wu, and Shuai Wang

   In Proc. USENIX Security Symposium, 2026

   Bib

   @inproceedings{huang2026revealing,
     title = {Revealing the Dark Side of Smart Accounts: An Empirical Study of EIP-7702 Incurred Risks in Blockchain Ecosystem},
     author = {Huang, Mingyuan and Liu, Han and Yang, Shuo and Wu, Daoyuan and Wang, Shuai},
     booktitle = {Proc. USENIX Security Symposium},
     year = {2026}
   }

6. USENIX Security

   MASLeak: Investigating and Exposing Intellectual Property Leakage Vulnerabilities in Multi-Agent Systems

   Liwen Wang, Wenxuan Wang, Shuai Wang, Zongjie Li, Zhenlan Ji, Zongyi Lyu, Daoyuan Wu, and Shing-Chi Cheung

   In Proc. USENIX Security Symposium, 2026

   Bib

   @inproceedings{wang2026masleak,
     title = {MASLeak: Investigating and Exposing Intellectual Property Leakage Vulnerabilities in Multi-Agent Systems},
     author = {Wang, Liwen and Wang, Wenxuan and Wang, Shuai and Li, Zongjie and Ji, Zhenlan and Lyu, Zongyi and Wu, Daoyuan and Cheung, Shing-Chi},
     booktitle = {Proc. USENIX Security Symposium},
     year = {2026}
   }

7. S&P

   SoK: Evaluating Jailbreak Guardrails for Large Language Models

   Xunguang Wang, Zhenlan Ji, Wenxuan Wang, Zongjie Li, Daoyuan Wu, and Shuai Wang

   In Proc. IEEE Symposium on Security and Privacy (S&P), 2026

   Bib

   @inproceedings{wang2026sok,
     title = {SoK: Evaluating Jailbreak Guardrails for Large Language Models},
     author = {Wang, Xunguang and Ji, Zhenlan and Wang, Wenxuan and Li, Zongjie and Wu, Daoyuan and Wang, Shuai},
     booktitle = {Proc. IEEE Symposium on Security and Privacy (S\&P)},
     year = {2026}
   }

2025

1. ASE

   Learning from the Past: Real-World Exploit Migration for Smart Contract PoC Generation

   Kairan Sun, Zhengzi Xu, Kaixuan Li, Lyuye Zhang, Yebo Feng, Daoyuan Wu, and Yang Liu

   In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025

   Bib

   @inproceedings{sun2025learning,
     top_se_conf = {true},
     title = {Learning from the Past: Real-World Exploit Migration for Smart Contract PoC Generation},
     author = {Sun, Kairan and Xu, Zhengzi and Li, Kaixuan and Zhang, Lyuye and Feng, Yebo and Wu, Daoyuan and Liu, Yang},
     booktitle = {Proc. IEEE/ACM Automated Software Engineering (ASE)},
     year = {2025}
   }

2. ASE

   Detecting Various DeFi Price Manipulations with LLM Reasoning

   Juantao Zhong, Daoyuan Wu, Ye Liu, Maoyi Xie, Yang Liu, Yi Li, and Ning Liu

   In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025

   Bib

   @inproceedings{zhong2025detecting,
     top_se_conf = {true},
     llm4sec = {true},
     title = {Detecting Various DeFi Price Manipulations with LLM Reasoning},
     author = {Zhong, Juantao and Wu, Daoyuan and Liu, Ye and Xie, Maoyi and Liu, Yang and Li, Yi and Liu, Ning},
     booktitle = {Proc. IEEE/ACM Automated Software Engineering (ASE)},
     year = {2025}
   }

3. ASE

   Demystifying OpenZeppelin’s Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts

   Han Liu, Daoyuan Wu, Yuqiang Sun, Shuai Wang, Yang Liu, and Yixiang Chen

   In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025

   Bib

   @inproceedings{liu2025demystifying,
     top_se_conf = {true},
     title = {Demystifying OpenZeppelin's Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts},
     author = {Liu, Han and Wu, Daoyuan and Sun, Yuqiang and Wang, Shuai and Liu, Yang and Chen, Yixiang},
     booktitle = {Proc. IEEE/ACM Automated Software Engineering (ASE)},
     year = {2025}
   }

4. ASE

   Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study

   Han Liu, Daoyuan Wu, Yuqiang Sun, Shuai Wang, and Yang Liu

   In Proc. IEEE/ACM Automated Software Engineering (ASE), 2025

   Bib

   @inproceedings{liu2025have,
     top_se_conf = {true},
     title = {Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study},
     author = {Liu, Han and Wu, Daoyuan and Sun, Yuqiang and Wang, Shuai and Liu, Yang},
     booktitle = {Proc. IEEE/ACM Automated Software Engineering (ASE)},
     year = {2025}
   }

5. TSE

   ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts

   Lyuye Zhang, Kaixuan Li, Kairan Sun, Daoyuan Wu, Ye Liu, Haoye Tian, and Yang Liu

   IEEE Transactions on Software Engineering (TSE), 2025

   Bib

   @article{zhang2025acfix,
     llm4sec = {true},
     title = {ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts},
     author = {Zhang, Lyuye and Li, Kaixuan and Sun, Kairan and Wu, Daoyuan and Liu, Ye and Tian, Haoye and Liu, Yang},
     journal = {IEEE Transactions on Software Engineering (TSE)},
     year = {2025}
   }

6. TSE

   Advanced Smart Contract Vulnerability Detection via LLM-Powered Multi-Agent Systems

   Zhiyuan Wei, Jing Sun, Yuqiang Sun, Ye Liu, Daoyuan Wu, Zijian Zhang, Xianhao Zhang, Meng Li, Yang Liu, Chunmiao Li, Mingchao Wan, Jin Dong, and Liehuang Zhu

   IEEE Transactions on Software Engineering (TSE), 2025

   Bib

   @article{wei2025advanced,
     llm4sec = {true},
     title = {Advanced Smart Contract Vulnerability Detection via LLM-Powered Multi-Agent Systems},
     author = {Wei, Zhiyuan and Sun, Jing and Sun, Yuqiang and Liu, Ye and Wu, Daoyuan and Zhang, Zijian and Zhang, Xianhao and Li, Meng and Liu, Yang and Li, Chunmiao and Wan, Mingchao and Dong, Jin and Zhu, Liehuang},
     journal = {IEEE Transactions on Software Engineering (TSE)},
     year = {2025}
   }

7. TOSEM

   Pre-trained Model-based Actionable Warning Identification: A Feasibility Study

   Xiuting Ge, Chunrong Fang, Quanjun Zhang, Daoyuan Wu, Bowen Yu, Qirui Zheng, An Guo, Shangwei Lin, Zhihong Zhao, Yang Liu, and Zhenyu Chen

   ACM Transactions on Software Engineering and Methodology (TOSEM), 2025

   Bib

   @article{ge2025pretrained,
     llm4sec = {true},
     title = {Pre-trained Model-based Actionable Warning Identification: A Feasibility Study},
     author = {Ge, Xiuting and Fang, Chunrong and Zhang, Quanjun and Wu, Daoyuan and Yu, Bowen and Zheng, Qirui and Guo, An and Lin, Shangwei and Zhao, Zhihong and Liu, Yang and Chen, Zhenyu},
     journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
     year = {2025}
   }

8. TOSEM

   MANDO-LLM: Heterogeneous Graph Transformers with Large Language Models for Smart Contract Vulnerability Detection

   Nhat-Minh Nguyen, Hoang H Nguyen, Long Le Thanh, Zahra Ahmadi, Thanh-Nam Doan, Daoyuan Wu, and Lingxiao Jiang

   ACM Transactions on Software Engineering and Methodology (TOSEM), 2025

   Bib

   @article{nguyen2025mando,
     llm4sec = {true},
     title = {MANDO-LLM: Heterogeneous Graph Transformers with Large Language Models for Smart Contract Vulnerability Detection},
     author = {Nguyen, Nhat-Minh and Nguyen, Hoang H and Thanh, Long Le and Ahmadi, Zahra and Doan, Thanh-Nam and Wu, Daoyuan and Jiang, Lingxiao},
     journal = {ACM Transactions on Software Engineering and Methodology (TOSEM)},
     year = {2025}
   }

9. CCS

   The Phantom Menace in Crypto-Based PET-Hardened Deep Learning Models: Invisible Configuration-Induced Attacks

   Yiteng Peng, Dongwei Xiao, Zhibo Liu, Zhenlan Ji, Daoyuan Wu, Shuai Wang, and Juergen Rahmel

   In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025

   Bib

   @inproceedings{peng2025phantom,
     title = {The Phantom Menace in Crypto-Based PET-Hardened Deep Learning Models: Invisible Configuration-Induced Attacks},
     author = {Peng, Yiteng and Xiao, Dongwei and Liu, Zhibo and Ji, Zhenlan and Wu, Daoyuan and Wang, Shuai and Rahmel, Juergen},
     booktitle = {Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS)},
     year = {2025}
   }

10. CCS

    Measuring and Augmenting Large Language Models for Solving Capture-the-Flag Challenges

    Zimo Ji, Daoyuan Wu, Wenyuan Jiang, Pingchuan Ma, Zongjie Li, and Shuai Wang

    In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025

    Bib

    @inproceedings{ji2025measuring,
      llm4sec = {true},
      title = {Measuring and Augmenting Large Language Models for Solving Capture-the-Flag Challenges},
      author = {Ji, Zimo and Wu, Daoyuan and Jiang, Wenyuan and Ma, Pingchuan and Li, Zongjie and Wang, Shuai},
      booktitle = {Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS)},
      year = {2025}
    }

11. CCS

    Differentiation-Based Extraction of Proprietary Data from Fine-tuned LLMs

    Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su

    In Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS), 2025

    Bib

    @inproceedings{li2025differentiation,
      title = {Differentiation-Based Extraction of Proprietary Data from Fine-tuned LLMs},
      author = {Li, Zongjie and Wu, Daoyuan and Wang, Shuai and Su, Zhendong},
      booktitle = {Proc. ACM SIGSAC Conference on Computer and Communications Security (CCS)},
      year = {2025}
    }

12. OOPSLA

    Extraction and Mutation at a High Level: Template-Based Fuzzing for JavaScript Engines

    Wai Kin Wong, Dongwei Xiao, Cheuk Tung Lai, Yiteng Peng, Daoyuan Wu, and Shuai Wang

    Proceedings of the ACM on Programming Languages (OOPSLA), 2025

    Bib

    @article{wong2025extraction,
      title = {Extraction and Mutation at a High Level: Template-Based Fuzzing for JavaScript Engines},
      author = {Wong, Wai Kin and Xiao, Dongwei and Lai, Cheuk Tung and Peng, Yiteng and Wu, Daoyuan and Wang, Shuai},
      journal = {Proceedings of the ACM on Programming Languages (OOPSLA)},
      volume = {9},
      number = {OOPSLA2},
      pages = {2898--2926},
      year = {2025},
      publisher = {ACM New York, NY, USA}
    }

13. OOPSLA

    API-guided Dataset Synthesis to Finetune Large Code Models

    Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su

    Proceedings of the ACM on Programming Languages (OOPSLA), 2025

    Bib

    @article{li2025api,
      title = {API-guided Dataset Synthesis to Finetune Large Code Models},
      author = {Li, Zongjie and Wu, Daoyuan and Wang, Shuai and Su, Zhendong},
      journal = {Proceedings of the ACM on Programming Languages (OOPSLA)},
      volume = {9},
      number = {OOPSLA1},
      pages = {786--815},
      year = {2025},
      publisher = {ACM New York, NY, USA}
    }

14. USENIX Security

    SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner

    Xunguang Wang, Daoyuan Wu, Zhenlan Ji, Zongjie Li, Pingchuan Ma, Shuai Wang, Yingjiu Li, Yang Liu, Ning Liu, and Juergen Rahmel

    In Proc. USENIX Security Symposium, 2025

    Bib

    @inproceedings{wang2025selfdefend,
      title = {SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner},
      author = {Wang, Xunguang and Wu, Daoyuan and Ji, Zhenlan and Li, Zongjie and Ma, Pingchuan and Wang, Shuai and Li, Yingjiu and Liu, Yang and Liu, Ning and Rahmel, Juergen},
      booktitle = {Proc. USENIX Security Symposium},
      year = {2025}
    }

15. USENIX Security

    Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators

    Kunpeng Zhang, Zongjie Li, Daoyuan Wu, Shuai Wang, and Xin Xia

    In Proc. USENIX Security Symposium, 2025

    Bib

    @inproceedings{zhang2025lowcost,
      llm4sec = {true},
      title = {Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators},
      author = {Zhang, Kunpeng and Li, Zongjie and Wu, Daoyuan and Wang, Shuai and Xia, Xin},
      booktitle = {Proc. USENIX Security Symposium},
      year = {2025}
    }

16. SACMAT

    Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)

    Jiaming Yuan, Yingjiu Li, Jun Li, Daoyuan Wu, Jianting Ning, Yangguang Tian, and Robert H Deng

    In Proc. ACM Symposium on Access Control Models and Technologies (SACMAT), 2025

    Bib

    @inproceedings{yuan2025leakage,
      title = {Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE)},
      author = {Yuan, Jiaming and Li, Yingjiu and Li, Jun and Wu, Daoyuan and Ning, Jianting and Tian, Yangguang and Deng, Robert H},
      booktitle = {Proc. ACM Symposium on Access Control Models and Technologies (SACMAT)},
      year = {2025}
    }

17. ISSTA

    DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code

    Wai Kin Wong, Daoyuan Wu, Huaijin Wang, Zongjie Li, Zhibo Liu, Shuai Wang, Qiyi Tang, Sen Nie, and Shi Wu

    Proceedings of the ACM on Software Engineering (ISSTA), 2025

    Bib

    @article{wong2025decllm,
      top_se_conf = {true},
      llm4sec = {true},
      title = {DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code},
      author = {Wong, Wai Kin and Wu, Daoyuan and Wang, Huaijin and Li, Zongjie and Liu, Zhibo and Wang, Shuai and Tang, Qiyi and Nie, Sen and Wu, Shi},
      journal = {Proceedings of the ACM on Software Engineering (ISSTA)},
      volume = {2},
      number = {ISSTA},
      pages = {1841--1864},
      year = {2025},
      publisher = {ACM New York, NY, USA}
    }

18. PLDI

    Divergence-Aware Testing of Graphics Shader Compiler Back-Ends

    Dongwei Xiao, Shuai Wang, Zhibo Liu, Yiteng Peng, Daoyuan Wu, and Zhendong Su

    Proceedings of the ACM on Programming Languages (PLDI), 2025

    Bib

    @article{xiao2025divergence,
      title = {Divergence-Aware Testing of Graphics Shader Compiler Back-Ends},
      author = {Xiao, Dongwei and Wang, Shuai and Liu, Zhibo and Peng, Yiteng and Wu, Daoyuan and Su, Zhendong},
      journal = {Proceedings of the ACM on Programming Languages (PLDI)},
      volume = {9},
      number = {PLDI},
      pages = {1367--1391},
      year = {2025},
      publisher = {ACM New York, NY, USA}
    }

19. ICSE

    Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models

    Yiteng Peng, Daoyuan Wu, Zhibo Liu, Dongwei Xiao, Zhenlan Ji, Juergen Rahmel, and Shuai Wang

    In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2025

    Bib

    @inproceedings{peng2025testing,
      top_se_conf = {true},
      title = {Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models},
      author = {Peng, Yiteng and Wu, Daoyuan and Liu, Zhibo and Xiao, Dongwei and Ji, Zhenlan and Rahmel, Juergen and Wang, Shuai},
      booktitle = {Proc. IEEE/ACM Conference on Software Engineering (ICSE)},
      year = {2025}
    }

20. ICSE

    Combining Fine-Tuning and LLM-Based Agents for Intuitive Smart Contract Auditing with Justifications

    Wei Ma, Daoyuan Wu, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, and Yang Liu

    In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2025

    Bib

    @inproceedings{ma2025combining,
      top_se_conf = {true},
      llm4sec = {true},
      title = {Combining Fine-Tuning and LLM-Based Agents for Intuitive Smart Contract Auditing with Justifications},
      author = {Ma, Wei and Wu, Daoyuan and Sun, Yuqiang and Wang, Tianwen and Liu, Shangqing and Zhang, Jian and Xue, Yue and Liu, Yang},
      booktitle = {Proc. IEEE/ACM Conference on Software Engineering (ICSE)},
      year = {2025}
    }

21. NDSS

    PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation

    Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu

    In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2025

    Distinguished Paper Award Bib

    NDSS 2025 Distinguished Paper Award (10 selected from 211 accepted papers out of 1,311 submissions)

    @inproceedings{zhong2025detectinh,
      llm4sec = {true},
      title = {PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation},
      author = {Liu, Ye and Xue, Yue and Wu, Daoyuan and Sun, Yuqiang and Li, Yi and Shi, Miaolei and Liu, Yang},
      booktitle = {Proc. ISOC Network and Distributed System Security Symposium (NDSS)},
      year = {2025}
    }

2024

1. DLT

   AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets

   Mengjie Chen, Xiao Yi, Daoyuan Wu, Jianliang Xu, Yingjiu Li, and Debin Gao

   ACM Distributed Ledger Technologies: Research and Practice (DLT), 2024

   Bib

   @article{chen2024agchain,
     title = {AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets},
     author = {Chen, Mengjie and Yi, Xiao and Wu, Daoyuan and Xu, Jianliang and Li, Yingjiu and Gao, Debin},
     journal = {ACM Distributed Ledger Technologies: Research and Practice (DLT)},
     year = {2024}
   }

2. EMNLP

   Split and Merge: Aligning Position Biases in LLM-based Evaluators

   Zongjie Li, Chaozheng Wang, Pingchuan Ma, Daoyuan Wu, Shuai Wang, Cuiyun Gao, and Yang Liu

   In Proc. Conference on Empirical Methods in Natural Language Processing (EMNLP), 2024

   Bib

   @inproceedings{li2024split,
     title = {Split and Merge: Aligning Position Biases in LLM-based Evaluators},
     author = {Li, Zongjie and Wang, Chaozheng and Ma, Pingchuan and Wu, Daoyuan and Wang, Shuai and Gao, Cuiyun and Liu, Yang},
     booktitle = {Proc. Conference on Empirical Methods in Natural Language Processing (EMNLP)},
     year = {2024}
   }

3. CSUR

   Machine Learning for Actionable Warning Identification: A Comprehensive Survey

   Xiuting Ge, Chunrong Fang, Xuanye Li, Weisong Sun, Daoyuan Wu, Juan Zhai, Shang-wei Lin, Zhihong Zhao, Yang Liu, and Zhenyu Chen

   ACM Computing Surveys (CSUR), 2024

   Bib

   @article{ge2024machine,
     llm4sec = {true},
     title = {Machine Learning for Actionable Warning Identification: A Comprehensive Survey},
     author = {Ge, Xiuting and Fang, Chunrong and Li, Xuanye and Sun, Weisong and Wu, Daoyuan and Zhai, Juan and Lin, Shang-wei and Zhao, Zhihong and Liu, Yang and Chen, Zhenyu},
     journal = {ACM Computing Surveys (CSUR)},
     year = {2024}
   }

4. USENIX Security

   Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts

   Han Liu, Daoyuan Wu, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, and Yixiang Chen

   In Proc. USENIX Security Symposium, 2024

   Bib

   @inproceedings{liu2024using,
     title = {Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts},
     author = {Liu, Han and Wu, Daoyuan and Sun, Yuqiang and Wang, Haijun and Li, Kaixuan and Liu, Yang and Chen, Yixiang},
     booktitle = {Proc. USENIX Security Symposium},
     year = {2024}
   }

5. EuroS&P

   MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search

   Zicheng Zhang, Haoyu Ma, Daoyuan Wu, Debin Gao, Xiao Yi, Yufan Chen, Yan Wu, and Lingxiao Jiang

   In Proc. IEEE European Symposium on Security and Privacy (EuroS&P), 2024

   Bib

   @inproceedings{zhang2024mtdscout,
     title = {MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search},
     author = {Zhang, Zicheng and Ma, Haoyu and Wu, Daoyuan and Gao, Debin and Yi, Xiao and Chen, Yufan and Wu, Yan and Jiang, Lingxiao},
     booktitle = {Proc. IEEE European Symposium on Security and Privacy (EuroS\&P)},
     year = {2024}
   }

6. ICSE

   GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis

   Yuqiang Sun, Daoyuan Wu, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu

   In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2024

   Bib

   @inproceedings{sun2024gptscan,
     top_se_conf = {true},
     llm4sec = {true},
     title = {GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis},
     author = {Sun, Yuqiang and Wu, Daoyuan and Xue, Yue and Liu, Han and Wang, Haijun and Xu, Zhengzi and Xie, Xiaofei and Liu, Yang},
     booktitle = {Proc. IEEE/ACM Conference on Software Engineering (ICSE)},
     year = {2024}
   }

7. ICSE

   On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study

   Zongjie Li, Chaozheng Wang, Pingchuan Ma, Chaowei Liu, Shuai Wang, Daoyuan Wu, Cuiyun Gao, and Yang Liu

   In Proc. IEEE/ACM Conference on Software Engineering (ICSE), 2024

   Bib

   @inproceedings{li2024extracting,
     top_se_conf = {true},
     title = {On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study},
     author = {Li, Zongjie and Wang, Chaozheng and Ma, Pingchuan and Liu, Chaowei and Wang, Shuai and Wu, Daoyuan and Gao, Cuiyun and Liu, Yang},
     booktitle = {Proc. IEEE/ACM Conference on Software Engineering (ICSE)},
     year = {2024}
   }

2023

1. ISSTA

   Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts

   Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, and Lingxiao Jiang

   In Proc. ACM International Symposium on Software Testing and Analysis (ISSTA), 2023

   Bib

   @inproceedings{fang2023beyond,
     top_se_conf = {true},
     title = {Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts},
     author = {Fang, Yuzhou and Wu, Daoyuan and Yi, Xiao and Wang, Shuai and Chen, Yufan and Chen, Mengjie and Liu, Yang and Jiang, Lingxiao},
     booktitle = {Proc. ACM International Symposium on Software Testing and Analysis (ISSTA)},
     pages = {1157--1168},
     year = {2023}
   }

2. NDSS

   BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects

   Xiao Yi, Yuzhou Fang, Daoyuan Wu, and Lingxiao Jiang

   In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2023

   Bib

   @inproceedings{yi2023blockscope,
     title = {BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects},
     author = {Yi, Xiao and Fang, Yuzhou and Wu, Daoyuan and Jiang, Lingxiao},
     booktitle = {Proc. ISOC Network and Distributed System Security Symposium (NDSS)},
     year = {2023}
   }

2022

1. FSE

   An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns

   Xiao Yi, Daoyuan Wu, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, and Wei Zhang

   In Proc. ACM Symposium on the Foundations of Software Engineering (FSE), 2022

   Bib

   @inproceedings{yi2022empirical,
     top_se_conf = {true},
     title = {An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns},
     author = {Yi, Xiao and Wu, Daoyuan and Jiang, Lingxiao and Fang, Yuzhou and Zhang, Kehuan and Zhang, Wei},
     booktitle = {Proc. ACM Symposium on the Foundations of Software Engineering (FSE)},
     year = {2022}
   }

2. RAID

   LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework

   Menghan Sun, Zirui Song, Xiaoxi Ren, Daoyuan Wu, and Kehuan Zhang

   In Proc. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2022

   Bib

   @inproceedings{sun2022lica,
     title = {LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework},
     author = {Sun, Menghan and Song, Zirui and Ren, Xiaoxi and Wu, Daoyuan and Zhang, Kehuan},
     booktitle = {Proc. International Symposium on Research in Attacks, Intrusions and Defenses (RAID)},
     year = {2022}
   }

2021

1. RAID

   On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps

   Zicheng Zhang, Daoyuan Wu, Lixiang Li, and Debin Gao

   In Proc. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2021

   Bib

   @inproceedings{zhang2021usability,
     title = {On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps},
     author = {Zhang, Zicheng and Wu, Daoyuan and Li, Lixiang and Gao, Debin},
     booktitle = {Proc. International Symposium on Research in Attacks, Intrusions and Defenses (RAID)},
     year = {2021}
   }

2. DSN

   When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid

   Daoyuan Wu, Debin Gao, Robert H Deng, and Chang Rocky KC

   In Proc. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2021

   Bib

   @inproceedings{wu2021program,
     title = {When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid},
     author = {Wu, Daoyuan and Gao, Debin and Deng, Robert H and KC, Chang Rocky},
     booktitle = {Proc. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)},
     year = {2021}
   }

3. TDSC

   Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing

   Haoyu Ma, Shijia Li, Debin Gao, Daoyuan Wu, Qiaowen Jia, and Chunfu Jia

   IEEE Transactions on Dependable and Secure Computing (TDSC), 2021

   Bib

   @article{ma2021active,
     title = {Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing},
     author = {Ma, Haoyu and Li, Shijia and Gao, Debin and Wu, Daoyuan and Jia, Qiaowen and Jia, Chunfu},
     journal = {IEEE Transactions on Dependable and Secure Computing (TDSC)},
     year = {2021}
   }

4. EMSE

   Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls

   Daoyuan Wu, Debin Gao, and David Lo

   Springer Empirical Software Engineering (EMSE), 2021

   Bib

   @article{wu2021scalable,
     title = {Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls},
     author = {Wu, Daoyuan and Gao, Debin and Lo, David},
     journal = {Springer Empirical Software Engineering (EMSE)},
     year = {2021}
   }

2020

1. TII

   Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems

   Haoyu Ma, Jianwen Tian, Kefan Qiu, David Lo, Debin Gao, Daoyuan Wu, Chunfu Jia, and Thar Baker

   IEEE Transactions on Industrial Informatics (TII), 2020

   Bib

   @article{ma2020deep,
     title = {Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems},
     author = {Ma, Haoyu and Tian, Jianwen and Qiu, Kefan and Lo, David and Gao, Debin and Wu, Daoyuan and Jia, Chunfu and Baker, Thar},
     journal = {IEEE Transactions on Industrial Informatics (TII)},
     year = {2020}
   }

2. DIMVA

   Understanding Android VoIP Security: A System-Level Vulnerability Assessment

   En He, Daoyuan Wu, and Robert H Deng

   In Springer International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), 2020

   Bib

   @inproceedings{he2020understanding,
     title = {Understanding Android VoIP Security: A System-Level Vulnerability Assessment},
     author = {He, En and Wu, Daoyuan and Deng, Robert H},
     booktitle = {Springer International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)},
     year = {2020}
   }

2019

1. AsiaCCS

   Towards Understanding Android System Vulnerabilities: Techniques and Insights

   Daoyuan Wu, Debin Gao, Eric KT Cheng, Yichen Cao, Jintao Jiang, and Robert H Deng

   In Proc. ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2019

   Bib

   @inproceedings{wu2019towards,
     title = {Towards Understanding Android System Vulnerabilities: Techniques and Insights},
     author = {Wu, Daoyuan and Gao, Debin and Cheng, Eric KT and Cao, Yichen and Jiang, Jintao and Deng, Robert H},
     booktitle = {Proc. ACM Asia Conference on Computer and Communications Security (AsiaCCS)},
     year = {2019}
   }

2. IWQoS

   An Empirical Study of Mobile Network Behavior and Application Performance in the Wild

   Shiwei Zhang, Weichao Li, Daoyuan Wu, Bo Jin, Rocky KC Chang, Debin Gao, Yi Wang, and Ricky KP Mok

   In Proc. International Symposium on Quality of Service (IWQoS), 2019

   Bib

   @inproceedings{zhang2019empirical,
     title = {An Empirical Study of Mobile Network Behavior and Application Performance in the Wild},
     author = {Zhang, Shiwei and Li, Weichao and Wu, Daoyuan and Jin, Bo and Chang, Rocky KC and Gao, Debin and Wang, Yi and Mok, Ricky KP},
     booktitle = {Proc. International Symposium on Quality of Service (IWQoS)},
     year = {2019}
   }

3. NDSS

   Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment

   Daoyuan Wu, Debin Gao, Rocky KC Chang, En He, Eric KT Cheng, and Robert H Deng

   In Proc. ISOC Network and Distributed System Security Symposium (NDSS), 2019

   Bib

   @inproceedings{wu2019understanding,
     title = {Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment},
     author = {Wu, Daoyuan and Gao, Debin and Chang, Rocky KC and He, En and Cheng, Eric KT and Deng, Robert H},
     booktitle = {Proc. ISOC Network and Distributed System Security Symposium (NDSS)},
     year = {2019}
   }

2018

1. WiSec

   Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild

   Xiaoxiao Tang, Yan Lin, Daoyuan Wu, and Debin Gao

   In Proc. ACM Conference on Security & Privacy in Wireless and Mobile Networks (WiSec), 2018

   Bib

   @inproceedings{tang2018towards,
     title = {Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild},
     author = {Tang, Xiaoxiao and Lin, Yan and Wu, Daoyuan and Gao, Debin},
     booktitle = {Proc. ACM Conference on Security \& Privacy in Wireless and Mobile Networks (WiSec)},
     year = {2018}
   }

2. CODASPY

   SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications

   Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, and Robert H Deng

   In Proc. ACM Conference on Data and Applications Security and Privacy (CODASPY), 2018

   Bib

   @inproceedings{wu2018sclib,
     title = {SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications},
     author = {Wu, Daoyuan and Cheng, Yao and Gao, Debin and Li, Yingjiu and Deng, Robert H},
     booktitle = {Proc. ACM Conference on Data and Applications Security and Privacy (CODASPY)},
     year = {2018}
   }

2017

1. USENIX ATC

   MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance

   Daoyuan Wu, Rocky KC Chang, Weichao Li, Eric KT Cheng, and Debin Gao

   In Proc. USENIX Annual Technical Conference (ATC), 2017

   Bib

   @inproceedings{wu2017mopeye,
     title = {MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance},
     author = {Wu, Daoyuan and Chang, Rocky KC and Li, Weichao and Cheng, Eric KT and Gao, Debin},
     booktitle = {Proc. USENIX Annual Technical Conference (ATC)},
     year = {2017}
   }

2. TMC

   Toward Accurate Network Delay Measurement on Android Phones

   Weichao Li, Daoyuan Wu, Rocky KC Chang, and Ricky KP Mok

   IEEE Transactions on Mobile Computing (TMC), 2017

   Bib

   @article{li2017toward,
     title = {Toward Accurate Network Delay Measurement on Android Phones},
     author = {Li, Weichao and Wu, Daoyuan and Chang, Rocky KC and Mok, Ricky KP},
     journal = {IEEE Transactions on Mobile Computing (TMC)},
     year = {2017}
   }

3. WASA

   Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps

   Daoyuan Wu, Ximing Liu, Jiayun Xu, David Lo, and Debin Gao

   In Proc. Springer International Conference on Wireless Algorithms, Systems, and Applications (WASA), 2017

   Bib

   @inproceedings{wu2017measuring,
     title = {Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps},
     author = {Wu, Daoyuan and Liu, Ximing and Xu, Jiayun and Lo, David and Gao, Debin},
     booktitle = {Proc. Springer International Conference on Wireless Algorithms, Systems, and Applications (WASA)},
     year = {2017}
   }

2016

1. CoNEXT

   Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement

   Weichao Li, Daoyuan Wu, Rocky KC Chang, and Ricky KP Mok

   In Proc. International on Conference on emerging Networking EXperiments and Technologies (CoNEXT), 2016

   Bib

   @inproceedings{li2016demystifying,
     title = {Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement},
     author = {Li, Weichao and Wu, Daoyuan and Chang, Rocky KC and Mok, Ricky KP},
     booktitle = {Proc. International on Conference on emerging Networking EXperiments and Technologies (CoNEXT)},
     year = {2016}
   }

2015

1. ICISC

   Stack Layout Randomization with Minimal Rewriting of Android Binaries

   Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia, and Huanguo Zhang

   In Proc. Springer International Conference on Information Security and Cryptology (ICISC), 2015

   Bib

   @inproceedings{liang2015stack,
     title = {Stack Layout Randomization with Minimal Rewriting of Android Binaries},
     author = {Liang, Yu and Ma, Xinjie and Wu, Daoyuan and Tang, Xiaoxiao and Gao, Debin and Peng, Guojun and Jia, Chunfu and Zhang, Huanguo},
     booktitle = {Proc. Springer International Conference on Information Security and Cryptology (ICISC)},
     year = {2015}
   }

2. INFOCOM

   On the Accuracy of Smartphone-based Mobile Network Measurement

   Weichao Li, Ricky KP Mok, Daoyuan Wu, and Rocky KC Chang

   In Proc. IEEE Conference on Computer Communications (INFOCOM), 2015

   Bib

   @inproceedings{li2015accuracy,
     title = {On the Accuracy of Smartphone-based Mobile Network Measurement},
     author = {Li, Weichao and Mok, Ricky KP and Wu, Daoyuan and Chang, Rocky KC},
     booktitle = {Proc. IEEE Conference on Computer Communications (INFOCOM)},
     year = {2015}
   }

3. MoST

   Indirect File Leaks in Mobile Applications

   Daoyuan Wu and Rocky KC Chang

   In Proc. IEEE Mobile Security Technologies (MoST), in conjunction with S&P, 2015

   Bib

   @inproceedings{wu2015indirect,
     title = {Indirect File Leaks in Mobile Applications},
     author = {Wu, Daoyuan and Chang, Rocky KC},
     booktitle = {Proc. IEEE Mobile Security Technologies (MoST), in conjunction with S\&P},
     year = {2015}
   }

2014

1. ISC

   Analyzing Android Browser Apps for file:// Vulnerabilities

   Daoyuan Wu and Rocky KC Chang

   In Proc. Springer Information Security Conference (ISC), 2014

   Bib

   @inproceedings{wu2014analyzing,
     title = {Analyzing Android Browser Apps for file:// Vulnerabilities},
     author = {Wu, Daoyuan and Chang, Rocky KC},
     booktitle = {Proc. Springer Information Security Conference (ISC)},
     year = {2014}
   }