- Software Testing and Debugging Techniques
- Advanced Malware Detection Techniques
- Real-time simulation and control systems
- Security and Verification in Computing
- Software Engineering Research
- Autonomous Vehicle Technology and Safety
- Web Application Security Vulnerabilities
- Network Security and Intrusion Detection
- Cybercrime and Law Enforcement Studies
- Digital and Cyber Forensics
- Drilling and Well Engineering
- Software System Performance and Reliability
- Hydraulic Fracturing and Reservoir Analysis
- Vehicular Ad Hoc Networks (VANETs)
- Oil and Gas Production Techniques
- Cloud Data Security Solutions
- Scientific Computing and Data Management
- Access Control and Trust
- Spam and Phishing Detection
- Software Reliability and Analysis Research
- Blockchain Technology Applications and Security
- Parallel Computing and Optimization Techniques
Fudan University
2022-2025
Halliburton (United States)
2024
Bug reports and patch commits are dramatically increasing for OS kernels, incentivizing a critical need for kernel-level bug reproduction and testing. Directed greybox fuzzing (DGF), aiming to stress-test a specific part of the code, is a promising approach. However, the existing DGF methods exclusively target user-space applications, presenting intrinsic limitations in handling kernels. In particular, these methods cannot pinpoint the appropriate system calls and the needed syscall parameter values to reach the location, resulting in low...
Learning-based malware detectors are widely used in practice to safeguard real-world computers. One major challenge is known as model aging, where the effectiveness of these models drops drastically as malware variants keep evolving. To tackle this, most existing works choose to label new samples and retrain the aged models. However, such data-perspective methods often require excessive costs in labeling and retraining. In this article, we observe that during evolution, malware variants preserve similar malicious semantics while switching...
For the safety assessment of autonomous driving systems (ADS), simulation testing has become an important complementary technique to physical road testing. In essence, simulation testing is a scenario-driven approach, whose effectiveness is highly dependent on the quality of the given scenarios. Moreover, scenarios should be encoded into well-formatted files; otherwise, ADS platforms cannot take them as inputs. Without large public datasets of scenarios, both industry and academic applications are hindered.
Detecting recurring vulnerabilities has become a popular means of static vulnerability detection in recent years because such approaches do not require labor-intensive modeling. Recently, a body of work, with HiddenCPG as a representative, redefined the problem of statically identifying recurring vulnerabilities as a subgraph isomorphism problem. More specifically, these approaches represent known vulnerable code as graph-based structures (e.g., PDG or CPG), and then identify subgraphs within target applications that match those graphs. However, since...
Nowadays, mobile apps have greatly facilitated our daily work and lives. They are often designed to closely interact with each other through app components for data and functionality sharing. The security of app components has been extensively studied, and various component attacks have been proposed. Meanwhile, Android system vendors and developers have introduced a series of defense measures to mitigate these threats. However, we discovered that as they evolve and develop, existing defenses become inadequate to address the emerging requirements....
Fuzzing is one of the most popular and practical techniques for security analysis. In this work, we aim to address the critical problem of high-quality input generation with a novel input-aware fuzzing approach called NestFuzz. NestFuzz can universally and automatically model input format specifications and generate valid input.
Cryptocurrencies, while revolutionary, have become a magnet for malicious actors. With numerous reports underscoring cyberattacks and scams in this domain, our paper takes the lead in characterizing visual scams associated with cryptocurrency wallets, a fundamental component of Web3. Specifically, scammers capitalize on the omission of vital wallet interface details, such as token symbols, wallet addresses, and smart contract function names, to mislead users, potentially resulting in unintended financial losses....
Conventional approaches to addressing stuck pipe scenarios in oil field operations have typically depended on established tools and procedures. While previous research has delved into the causes of drill sticking and suggested adjustments to operational methodologies, current methods often fall short in predicting incidents comprehensively, particularly in light of diverse wellbore conditions. This paper presents a novel methodology that merges principles of physics, data science, and uncertainty modeling...
IoT firmware faces severe threats from security vulnerabilities. As an important method to detect vulnerabilities, recurring vulnerability detection has not been systematically studied in firmware. In fact, existing methods would meet significant challenges from two aspects. First, firmware vulnerabilities are usually reported in texts without much code-level information, e.g., patches. Second, firmware images are released as binaries, making the analysis of known and unknown vulnerabilities quite difficult.
Emerging app-in-app ecosystems (e.g., WeChat) provide a lightweight and efficient WebView-based runtime for mini-apps, which frequently load rich web content from remote servers and access sensitive resources via APIs provided by the super-apps (a.k.a. frameworks). Inspired by content security policy (CSP), super-apps enforce a domain-based allowlist to prevent mini-apps from loading untrusted or malicious content. In this paper, we observe that this mechanism is unreliable in this setting because it assumes all pages under a domain are trusted....