近期论文
查看导师新发文章
(温馨提示:请注意重名现象,建议点开原文通过作者单位确认)
Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications. Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, Min Yang. In Proceedings of ACM International Conference on the Foundations of Software Engineering (FSE), Brazil, Brazil, July 15-19, 2024.
Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction. Bofei Chen, Lei Zhang, Xinyou Huang, Yinzhi Cao, Keke Lian, Yuan Zhang, Min Yang. In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 20-23, 2024.
SAMBA: Detecting SSL/TLS API Misuses in IoT Binary Applications. Kaizheng Liu, Ming Yang, Zhen Ling, Yuan Zhang, Chongqing Lei, Lan Luo, Xinwen Fu. In Proceedings of 43rd IEEE International Conference on Computer Communications (INFOCOM), Vancouver, Canada, May 20-23, 2024.
RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications. Youkun Shi, Yuan Zhang, Tianhao Bai, Lei Zhang, Xin Tan, Min Yang. In Proceedings of the 33rd ACM Web Conference (WWW), Singapore, May 13–17, 2024.
Interface Illusions: Uncovering the Rise of Visual Scams in Cryptocurrency Wallets. Guoyi Ye, Geng Hong, Yuan Zhang, Min Yang. In Proceedings of the 33rd ACM Web Conference (WWW), Singapore, May 13–17, 2024.
SCTrans: Constructing a Large Public Scenario Dataset for Simulation Testing of Autonomous Driving Systems. Jiarun Dai, Bufan Gao, Mingyuan Luo, Zongan Huang, Zhongrui Li, Yuan Zhang, Min Yang. In Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 14-20, 2024.
SyzDirect: Directed Greybox Fuzzing for Linux Kernel. Xin Tan, Yuan Zhang, Jiadong Lu, Xin Xiong, Zhuang Liu, Min Yang. In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 26-30, 2023.?[Paper]
NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic. Peng Deng, Zhemin Yang, Lei Zhang, Guangliang Yang, Wenzheng Hong, Yuan Zhang, Min Yang. In Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 26-30, 2023.?[Paper]
TrustedDomain Compromise Attack in App-in-app Ecosystems. Zhibo Zhang, Zhangyue Zhang, Keke Lian, Guangliang Yang, Lei Zhang, Yuan Zhang, Min Yang. In Proceedings of the 1st ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with ACM CCS, Copenhagen, Denmark, November 26, 2023.?[Paper]
Remote Code Execution from SSTI in the Sandbox: Automatically Detecting and Exploiting Template Escape Bugs. Yudi Zhao, Yuan Zhang, Min Yang. In Proceedings of the 32nd USENIX Security Symposium (USENIX Security), Anaheim, CA, USA, August 9-11, 2023 (coming soon).?[AE Badges: Artifacts Functional; Results Reproduced; Artifacts Available]
Understanding the (In)Security of Cross-side Face Verification Systems in Mobile Apps: A System Perspective. Xiaohan Zhang, Haoqi Ye, Ziqi Huang, Xiao Ye, Yinzhi Cao, Yuan Zhang, Min Yang. In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023.?[Paper]
AEM: Facilitating Cross-Version Exploitability Assessment of Linux Kernel Vulnerabilities. Zheyue Jiang, Yuan Zhang, Jun Xu, Xinqian Sun, Zhuang Liu, Min Yang. In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2023.?[Paper]
Precise (Un)Affected Version Analysis for Web Vulnerabilities. Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Min Yang. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, Michigan, United States, October 10-14, 2022.?[Paper]
Identity Confusion in WebView-based Mobile App-in-app Ecosystems. Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang. In Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022.?[Distinguished Paper Award]?[Paper]
Backporting Security Patches of Web Applications: A Prototype Design and Implementation on Injection Vulnerability Patches. Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang. In Proceedings of the 31st USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 10-12, 2022.?[Paper]
Exploit The Last Straw that Breaks Android System. Lei Zhang, Keke Lian, Haoyu Xiao, Zhibo Zhang, Peng Liu, Yuan Zhang, Min Yang, Haixin Duan. In Proceedings of the 43rd IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 22-26, 2022.?[Paper]
Understanding the Practice of Security Patch Management across Multiple Branches in OSS Projects. Xin Tan, Yuan Zhang, Jiajun Cao, Kun Sun, Mi Zhang, Min Yang. In Proceedings of the 31st ACM Web Conference (WWW), Lyon, France, April 25–29, 2022.?[Paper]
Slowing Down the Aging of Learning-based Malware Detectors with API Knowledge. Xiaohan Zhang, Mi Zhang, Yuan Zhang, Ming Zhong, Xin Zhang, Yinzhi Cao, Min Yang. In Transactions on Dependable and Secure Computing (TDSC), 2022.?[Online]
Refcount Field Identification for Linux Kernel Based on Deep Learning. Xin Tan, Xiyu Yang, Jiajun Cao, Yuan Zhang. In the International Journal of Software & Informatics (IJSI). 2022, Vol. 12 Issue 3, p309-329.
Locating the Security Patches for Disclosed OSS Vulnerabilities with Vulnerability-Commit Correlation Ranking. Xin Tan, Yuan Zhang, Chenyuan Mi, Jiajun Cao, Kun Sun, Yifan Lin, Min Yang. In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021.?[Paper]
Facilitating Vulnerability Assessment through PoC Migration. Jiarun Dai, Yuan Zhang, Hailong Xu, Haiming Lyu, Zicheng Wu, Xinyu Xing, Min Yang. In Proceedings of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, South Korea, November 14-19, 2021.?[Paper]
Detecting Kernel Refcount Bugs with Two-Dimensional Consistency Checking. Xin Tan, Yuan Zhang, Xiyu Yang, Kangjie Lu, Min Yang. In Proceedings of the 30th USENIX Security Symposium (USENIX Security), Vancouver, Canada, August 11-13, 2021.?[Paper]
Enhancing State-of-the-art Classifiers with API Semantics to Detect Evolved Android Malware. Xiaohan Zhang, Yuan Zhang, Ming Zhong, Daizong Ding, Yinzhi Cao, Yukun Zhang, Mi Zhang, Min Yang. In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020.?[Distinguished Paper Award Nomination]?[Paper]
PDiff: Semantic-based Patch Presence Testing for Downstream Kernels. Zheyue Jiang, Yuan Zhang, Jun Xu, Qi Wen, Zhenghe Wang, Xiaohan Zhang, Xinyu Xing, Min Yang, Zhemin Yang. In Proceedings of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 9-13, 2020.?[Paper]
BScout: Direct Whole Patch Presence Test for Java Executables. Jiarun Dai, Yuan Zhang, Zheyue Jiang, Yingtian Zhou, Junyan Chen, Xinyu Xing, Xiaohan Zhang, Xin Tan, Min Yang, Zhemin Yang. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 12-14, 2020.?[Paper]
An Ever-evolving Game: Evaluation of Real-world Attacks and Defenses in Ethereum Ecosystem. Shunfan Zhou, Zhemin Yang, Jie Xiang, Yinzhi Cao, Min Yang, Yuan Zhang. In Proceedings of the 29th USENIX Security Symposium (USENIX Security), Boston, MA, USA, August 12-14, 2020.?[Paper]
How Android Developers Handle Evolution-induced API Compatibility Issues: A Large-scale Study. Hao Xia, Yuan Zhang, Yingtian Zhou, Xiaoting Chen, Yang Wang, Xiangyu Zhang, Shuaishuai Cui, Gen Hong, Xiaohan Zhang, Min Yang, Zhemin Yang. In Proceedings of the 42nd International Conference on Software Engineering (ICSE), Seoul, South Korea, May 23-29, 2020.?[Paper]
TextExerciser: Feedback-driven Text Input Exercising for Android Applications. Yuyu He, Lei Zhang, Zhemin Yang, Yinzhi Cao, Keke Lian, Shuai Li, Wei Yang, Zhibo Zhang, Min Yang, Yuan Zhang, Haixin Duan. In Proceedings of the 41st IEEE Symposium on Security and Privacy (S&P), San Francisco, CA, May 18-20, 2020.?[Paper]
Hybrid Malware Detection Approach with Feedback-directed Machine Learning. Zhetao Li, Wenlin Li, Fuyuan Lin, Yi Sun, Min Yang, Yuan Zhang, Zhibo Wang. In SCIENCE CHINA Information Sciences, Volume 63, Issue 3: 139103 (2020)
App in the Middle : Demystify Application Virtualization in Android and its Security Threats to over 100 Million Users. Lei Zhang, Zhemin Yang, Yuyu He, Mingqi Li, Sen Yang, Min Yang, Yuan Zhang, Zhiun Qian. In Proceedings of ACM SIGMETRICS / IFIP Performance, Phoenix, Arizona, USA, 2019.?[Paper]
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World. Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 15-19, 2018.?[Paper]
Invetter: Locating Insecure Input Validations in Android Services. Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, Min Yang. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS), Toronto, Canada, October 15-19, 2018.?[Paper]
An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications. Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang, Xiaofeng Wang, Long Lu, Haixin Duan. In Proceedings of the 27th USENIX Security Symposium (USENIX Security), Baltimore, USA, August 15-17, 2018.?[Paper]?[Dataset]
Detecting Third-Party Libraries in Android Applications with High Precision and Recall. Yuan Zhang, Jiarun Dai, Xiaohan Zhang, Sirong Huang, Zhemin Yang, Min Yang, Hao Chen. In Proceedings of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Campobasso, Italy, March 20-23, 2018.?[Paper]?[Source Code]
Finding Clues for Your Secrets: Semantics-Driven, Learning-Based Privacy Discovery in Mobile Apps. Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu, Min Yang. In Proceedings of Network and Distributed System Security Symposium (NDSS), San Diego, Feb 18-21, 2018.?[Paper]
Identifying User-Input Privacy in Mobile Applications at a Large Scale. Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, Limin Sun. In IEEE Transactions on Information Forensics and Security (TIFS), 2017, 12(3), 647-661.?[Paper]
Rethinking Permission Enforcement Mechanism on Mobile Systems. Yuan Zhang, Min Yang, Guofei Gu, Hao Chen. In IEEE Transactions on Information Forensics and Security (TIFS), 2016, 9(11), 1828-1842.?[Paper]
FineDroid: Enforcing Permissions with System-wide Application Execution Context. Yuan Zhang, Min Yang, Guofei Gu, Hao Chen. In Proceedings of the 11th EAI International Conference on Security and Privacy in Communication Networks (SecureComm), Dallas, TX, October 26-29, 2015.?[Paper]
AppCracker: Widespread Vulnerabilities in User and Session Authentication in Mobile Apps. Fangda Cai, Hao Chen, Yuanyi Wu, Yuan Zhang. In Proceedings of 4th IEEE Mobile Security Technologies (MoST), co-located with IEEE S&P, San Jose, CA, May 21, 2015.?[Paper]
Permission Use Analysis for Vetting Undesirable Behaviors in Android Apps. Yuan Zhang, Min Yang, Zhemin Yang, Guofei Gu, Peng Ning, Binyu Zang. In IEEE Transactions on Information Forensics and Security (TIFS), 2014, 9(11), 1828-1842.?[Paper]
AppIntent: Analyzing Sensitive Data Transmission in Android for Privacy Leakage Detection. Zhemin Yang, Min Yang, Yuan Zhang, Guofei Gu, Peng Ning, X. Sean Wang. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 4-8, 2013.?[Paper]
Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis. Yuan Zhang, Min Yang, Bingquan Xu, Zhemin Yang, Guofei Gu, Peng Ning, X. Sean Wang, Binyu Zang. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, November 4-8, 2013.?[Paper]
Swift: A Register-based JIT Compiler for Embedded JVMs. Yuan Zhang, Min Yang, Bo Zhou, Zhemin Yang, Weihua Zhang, Binyu Zang. In Proceedings of the 8th International Conference on Virtual Execution Environments (VEE), London, UK, March 3-4, 2012.?[Paper]