Select Publications

Journal articles

Zhang X; Zhang C; Li X; Du Z; Mao B; Li Y; Zheng Y; Li Y; Pan L; Liu Y; Deng R, 2024, 'A Survey of Protocol Fuzzing', ACM Computing Surveys, 57, http://dx.doi.org/10.1145/3696788

Li N; Li Y; Liu Y; Shi L; Wang K; Wang H, 2024, 'Drowzee: Metamorphic Testing for Fact-Conflicting Hallucination Detection in Large Language Models', Proceedings of the ACM on Programming Languages, 8, http://dx.doi.org/10.1145/3689776

Li S; Xie X; Lin Y; Li Y; Feng R; Li X; Ge W; Dong JS, 2022, 'Deep Learning for Coverage-Guided Fuzzing: How Far are We?', IEEE Transactions on Dependable and Secure Computing, http://dx.doi.org/10.1109/TDSC.2022.3200525

Conference Papers

Liu T; Deng Z; Meng G; Li Y; Chen K, 2024, 'Demystifying RCE Vulnerabilities in LLM-Integrated Apps', in Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, ACM, pp. 1716 - 1730, presented at CCS '24: ACM SIGSAC Conference on Computer and Communications Security, http://dx.doi.org/10.1145/3658644.3690338

Yang W; Gao C; Liu X; Li Y; Xue Y, 2024, 'Rust-twins: Automatic Rust Compiler Testing through Program Mutation and Dual Macros Generation', in Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, ACM, pp. 631 - 642, presented at ASE '24: 39th IEEE/ACM International Conference on Automated Software Engineering, http://dx.doi.org/10.1145/3691620.3695059

Yu J; Xie X; Zhang C; Chen S; Li Y; Shen W, 2024, 'Bugs in Pods: Understanding Bugs in Container Runtime Systems', in ISSTA 2024 - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1364 - 1376, http://dx.doi.org/10.1145/3650212.3680366

Zhang C; Zheng Y; Bai M; Li Y; Ma W; Xie X; Li Y; Sun L; Liu Y, 2024, 'How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation', in ISSTA 2024 - Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1223 - 1235, http://dx.doi.org/10.1145/3650212.3680355

Xu Z; Liu Y; Deng G; Li Y; Picek S, 2024, 'A Comprehensive Study of Jailbreak Attack versus Defense for Large Language Models', in Findings of the Association for Computational Linguistics ACL 2024, Bangkok, Thailand, pp. 7432 - 7449, presented at 62nd Annual Meeting of the Association for Computational Linguistics (ACL 2024), Bangkok, Thailand, 11 August 2024, http://dx.doi.org/10.48550/arXiv.2402.13457

Liu Y; Deng G; Xu Z; Li Y; Zheng Y; Zhang Y; Zhao L; Zhang T; Wang K, 2024, 'A Hitchhiker’s Guide to Jailbreaking ChatGPT via Prompt Engineering', in SEA4DQ 2024 - Proceedings of the 4th International Workshop on Software Engineering and AI for Data Quality in Cyber-Physical Systems/Internet of Things, Co-located with: ESEC/FSE 2024, pp. 12 - 21, http://dx.doi.org/10.1145/3663530.3665021

Du Z; Li Y; Zheng Y; Zhang X; Zhang C; Liu Y; Habib SM; Li X; Wang L; Liu Y; Mao B, 2024, 'Medusa: Unveil Memory Exhaustion DoS Vulnerabilities in Protocol Implementations', in WWW 2024 - Proceedings of the ACM Web Conference, pp. 1668 - 1679, http://dx.doi.org/10.1145/3589334.3645476

Wang G; Li Y; Liu Y; Deng G; Li T; Xu G; Liu Y; Wang H; Wang K, 2024, 'MeTMaP: Metamorphic Testing for Detecting False Vector Matching Problems in LLM Augmented Generation', in Proceedings - 2024 IEEE/ACM 1st International Conference on AI Foundation Models and Software Engineering, FORGE 2024, pp. 12 - 23, http://dx.doi.org/10.1145/3650105.3652297

Zhao J; Li Y; Zou Y; Liang Z; Xiao Y; Li Y; Peng B; Zhong N; Wang X; Wang W; Huo W, 2024, 'Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems', in Proceedings of the 33rd USENIX Security Symposium, pp. 7067 - 7084

Deng G; Liu Y; Mayoral-Vilches V; Liu P; Li Y; Xu Y; Zhang T; Liu Y; Pinzger M; Rass S, 2024, 'PENTESTGPT: Evaluating and Harnessing Large Language Models for Automated Penetration Testing', in Proceedings of the 33rd USENIX Security Symposium, pp. 847 - 864

Sapin E; Menon S; Ge J; Habib SM; Heymann M; Li Y; Palige R; Byman G; Liu Y, 2023, 'Monitoring Automotive Software Security Health through Trustworthiness Score', in Proceedings: CSCS 2023 - 7th ACM Computer Science in Cars Symposium, http://dx.doi.org/10.1145/3631204.3631859

Shi J; Xiao Y; Li Y; Li Y; Yu D; Yu C; Su H; Chen Y; Huo W, 2023, 'ACETest: Automated Constraint Extraction for Testing Deep Learning Operators', in ISSTA 2023 - Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 690 - 702, http://dx.doi.org/10.1145/3597926.3598088

Liu Y; Li Y; Deng G; Juefei-Xu F; Du Y; Zhang C; Liu C; Li Y; Ma L; Liu Y, 2023, 'ASTER: Automatic Speech Recognition System Accessibility Testing for Stutterers', in Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023, pp. 510 - 521, http://dx.doi.org/10.1109/ASE56229.2023.00107

Du Z; Li Y, 2023, 'HasteFuzz: Full-Speed Fuzzing', in Proceedings - 2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing, SBFT 2023, pp. 73 - 75, http://dx.doi.org/10.1109/SBFT59156.2023.00022

Deng G; Zhang Z; Li Y; Liu Y; Zhang T; Liu Y; Yu G; Wang D, 2023, 'NAUTILUS: Automated RESTful API Vulnerability Detection', in 32nd USENIX Security Symposium, USENIX Security 2023, pp. 5593 - 5610

Ge J; Li Y; Liu Y; Zheng Y; Liu Y; Zhao L, 2023, 'PumpChannel: An Efficient and Secure Communication Channel for Trusted Execution Environment on ARM-FPGA Embedded SoC', in Proceedings -Design, Automation and Test in Europe, DATE, http://dx.doi.org/10.23919/DATE56975.2023.10137170

Yin J; Li M; Li Y; Yu Y; Lin B; Zou Y; Liu Y; Huo W; Xue J, 2023, 'RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing', in Proceedings - IEEE Symposium on Security and Privacy, pp. 2155 - 2169, http://dx.doi.org/10.1109/SP46215.2023.10179421

Ge J; Li Y; Zheng Y; Liu Y; Habib SM, 2022, 'More Secure Collaborative APIs resistant to Flush-Based Cache Attacks on Cortex-A9 Based Automotive System', in Proceedings - CSCS 2022: 6th ACM Computer Science in Cars Symposium, http://dx.doi.org/10.1145/3568160.3570227

Liu Y; Li Y; Liu Y; Wan R; Wu R; Liu Q, 2022, 'Morest: Industry Practice of Automatic RESTful API Testing', in ACM International Conference Proceeding Series, http://dx.doi.org/10.1145/3551349.3559498

Zheng Y; Li Y; Zhang C; Zhu H; Liu Y; Sun L, 2022, 'Efficient greybox fuzzing of applications in Linux-based IoT devices via enhanced user-mode emulation', in ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 417 - 428, http://dx.doi.org/10.1145/3533767.3534414

Liu Y; Li Y; Deng G; Liu Y; Wan R; Wu R; Ji D; Xu S; Bao M, 2022, 'Morest: Model-based RESTful API Testing with Execution Feedback', in Proceedings - International Conference on Software Engineering, pp. 1406 - 1417, http://dx.doi.org/10.1145/3510003.3510133

Li Y; Sun Y; Xu Z; Cao J; Li Y; Li R; Chen H; Cheung SC; Liu Y; Xiao Y, 2022, 'RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix', in Proceedings of the 31st USENIX Security Symposium, Security 2022, pp. 4183 - 4200

Du Z; Li Y; Liu Y; Mao B, 2022, 'Windranger: A Directed Greybox Fuzzer driven by Deviation Basic Blocks', in Proceedings - International Conference on Software Engineering, pp. 2440 - 2451, http://dx.doi.org/10.1145/3510003.3510197

He X; Xie X; Li Y; Sun J; Li F; Zou W; Liu Y; Yu L; Zhou J; Shi W; Huo W, 2021, 'SoFi: Reflection-Augmented Fuzzing for JavaScript Engines', in Proceedings of the ACM Conference on Computer and Communications Security, pp. 2229 - 2242, http://dx.doi.org/10.1145/3460120.3484823

Li S; Lin Y; Xie X; Li Y; Li X; Ge W; Liu Y; Dong J, 2021, 'A First Look at the Effect of Deep Learning in Coverage-guided Fuzzing', in Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, pp. 1186 - 1189, http://dx.doi.org/10.1109/ASE51524.2021.9678794

Zhang C; Lin X; Li Y; Xue Y; Xie J; Chen H; Ying X; Wang J; Liu Y, 2021, 'APICRAFT: Fuzz driver generation for closed-source SDK libraries', in Proceedings of the 30th USENIX Security Symposium, pp. 2811 - 2828

Tian Z; Li Y, 2021, 'AutoCom: Automatic comment generation for C code', in Proceedings of the International Conference on Software Engineering and Knowledge Engineering, SEKE, pp. 632 - 633, http://dx.doi.org/10.18293/SEKE2021-202

Zhang C; Li Y; Chen H; Luo X; Li M; Nguyen AQ; Liu Y, 2021, 'BIFF: Practical Binary Fuzzing Framework for Programs of IoT and Mobile Devices', in Proceedings - 2021 36th IEEE/ACM International Conference on Automated Software Engineering, ASE 2021, pp. 1161 - 1165, http://dx.doi.org/10.1109/ASE51524.2021.9678910

Li Y; Meng G; Xu J; Zhang C; Chen H; Xie X; Wang H; Liu Y, 2021, 'Vall-nut: Principled Anti-Grey box - Fuzzing', in Proceedings - International Symposium on Software Reliability Engineering, ISSRE, pp. 288 - 299, http://dx.doi.org/10.1109/ISSRE52982.2021.00039

Li Y; Chen H; Zhang C; Xiong S; Liu C; Wang Y, 2020, 'Ori: A greybox fuzzer for SOME/IP protocols in automotive ethernet', in Proceedings - Asia-Pacific Software Engineering Conference, APSEC, pp. 495 - 499, http://dx.doi.org/10.1109/APSEC51365.2020.00063

Wen C; Wang H; Li Y; Qin S; Liu Y; Xu Z; Chen H; Xie X; Pu G; Liu T, 2020, 'Memlock: Memory usage guided fuzzing', in Proceedings - International Conference on Software Engineering, pp. 765 - 777, http://dx.doi.org/10.1145/3377811.3380396

Wang H; Xie X; Li Y; Wen C; Li Y; Liu Y; Qin S; Chen H; Sui Y, 2020, 'Typestate-guided fuzzer for discovering use-after-free vulnerabilities', in Proceedings - International Conference on Software Engineering, pp. 999 - 1010, http://dx.doi.org/10.1145/3377811.3380386

Chen H; Guo S; Xue Y; Sui Y; Zhang C; Li Y; Wang H; Liu Y, 2020, 'MUZZ: Thread-aware grey-box fuzzing for effective bug hunting in multithreaded programs', in Proceedings of the 29th USENIX Security Symposium, pp. 2325 - 2342

Li Y; Xue Y; Chen H; Wu X; Zhang C; Xie X; Wang H; Liu Y, 2019, 'Cerebro: Context-aware adaptive fuzzing for effective vulnerability detection', in ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 533 - 544, http://dx.doi.org/10.1145/3338906.3338975

Wang H; Xie X; Lin SW; Lin Y; Li Y; Qin S; Liu Y; Liu T, 2019, 'Locating vulnerabilities in binaries via memory layout recovering', in ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 718 - 728, http://dx.doi.org/10.1145/3338906.3338966

Du X; Chen B; Li Y; Guo J; Zhou Y; Liu Y; Jiang Y, 2019, 'LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment Through Program Metrics', in Proceedings - International Conference on Software Engineering, pp. 60 - 71, http://dx.doi.org/10.1109/ICSE.2019.00024

Xie X; Ma L; Wang H; Li Y; Liu Y; Li X, 2019, 'Diffchaser: Detecting disagreements for deep neural networks', in IJCAI International Joint Conference on Artificial Intelligence, pp. 5772 - 5778, http://dx.doi.org/10.24963/ijcai.2019/800

Chen H; Li Y; Chen B; Xue Y; Liu Y, 2018, 'FOT: A versatile, configurable, extensible fuzzing framework', in ESEC/FSE 2018 - Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 867 - 870, http://dx.doi.org/10.1145/3236024.3264593

Chen H; Chen B; Xue Y; Xie X; Liu Y; Li Y; Wu X, 2018, 'Hawkeye: Towards a desired directed grey-box fuzzer', in Proceedings of the ACM Conference on Computer and Communications Security, pp. 2095 - 2108, http://dx.doi.org/10.1145/3243734.3243849

Li Y, 2018, 'Principled greybox fuzzing', in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), pp. 455 - 458, http://dx.doi.org/10.1007/978-3-030-02450-5_34

Li Y; Chen B; Chandramohan M; Lin SW; Liu Y; Tiu A, 2017, 'Steelix: Program-state based binary fuzzing', in Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 627 - 637, http://dx.doi.org/10.1145/3106237.3106295

Preprints

Zhang X; Zhang C; Li X; Du Z; Mao B; Li Y; Zheng Y; Li Y; Pan L; Liu Y; Deng RH, 2024, A Survey of Protocol Fuzzing, http://dx.doi.org/10.48550/arxiv.2401.01568


Back to profile page