Dr. Daniel Xiapu Luo

Professor
Department of Computing, The Hong Kong Polytechnic University
csxluo[at]comp.polyu.edu.hk, (852)2766-7264

Daniel received his B.S. in Communication Engineering and M.S. in Communications and Information Systems from Wuhan University. He obtained his Ph.D. degree in Computer Science from the Hong Kong Polytechnic University, under the supervision of Prof. Rocky K.C. Chang. After that, Daniel spent two years at the Georgia Institute of Technology as a post-doctoral research fellow advised by Prof. Wenke Lee. His current research interests include Mobile/IoT/System Security and Privacy, Blockchain/Smart Contract, Software Engineering, Network Security and Privacy, and Internet Measurement. He currently serves as an associate editor for IEEE/ACM Transactions on Networking (ToN), IEEE Transactions on Dependable and Secure Computing (TDSC), and ACM Transactions on Privacy and Security (TOPS).
Looking for highly motivated Postdoctoral fellow and PhD/MPhil students in the areas of Mobile/IoT/System Security, Blockchain/Smart Contract, Software Engineering, Network Security and Privacy, Internet Measurement, and Performance Evaluation. Please contact me if you have interests.

Teaching:

1. Discrete Structures (COMP202)
2. Computer Networking (COMP2322)
3. Computer Communications Networks (COMP312)
4. Social and Collaborative Computing (COMP3121)
5. Mobile Security: Principles and Practice (COMP4332)
6. Principles and Practice of Internet Security (COMP4334)
7. Emerging Topics In Fintech (COMP4531)
8. Capstone Project I (COMP4911)
9. E-Commerce Fundamentals and Development (COMP5122)
10. Internet Computing and Applications (COMP5322)
11. Distributed Computing (COMP5325)
12. Web Service and Project Development (COMP5332)
13. Internet Security: Principles and Practice (COMP5353)
14. Cyber and Internet Security(COMP5355)
15. Blockchain and Smart Contract Security (COMP5566)
16. Cryptography and Blockchain(COMP6521)

Current Research:

1. Android Security, Vulnerability, and Privacy
(1) Dynamic Analysis:
NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps. (Paper, Source Code)
Malton: An On-Device Non-Invasive Mobile Malware Analysis Tool for ART.(Paper)
NDroid: A Dynamic Taint Analysis Engine for Android Applications using Native Codes.(Paper, Source Code)
(2) Unpacking Hardened Apps Running in DVM or ART:
Happer: A Hardware-Assisted Unpacker.(Paper, Source Code).
Parema: An Unpacking Framework for Demystifying VM-based Android Packers.(Paper, Source Code).
PackerGrind: An Adaptive Unpacker.(Paper).
DexHunter: An In-VM Unpacker.(Paper, Source Code)
(3) Privacy Policy Analysis:
PPChecker: A System for Identifying Incomplete/Incorrect/Inconsistent Privacy Policy for Android Applications.(Paper)
AutoPPG: A System for Automatically Generating Privacy Policy Template for Android Applications.(Paper)
An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps.(Paper)
(4) User Review Analysis:
Where2Change: Change Request Localization for App Reviews.(Paper)
ReviewSolver: A System for Locating Function Errors in Mobile Apps with User Reviews.(Paper)
PADetective: A System for Characterizing Promotional Attacks in Mobile App Stores.(Paper)
(5) Potentially Harmful Apps (PHAs) Analysis:
HRAT: Structural Attack against Graph Based Android Malware Detection.(Paper, Source Code)
DiehardDetector: Detecting Diehard Android Apps. (Paper, Source Code)
FalDroid: A Quick Android Malware Familial Classifier.(Paper, Source Code)
ResDroid: A Scalable Resource-driven System for Detecting Repackaged Android Applications.(Paper)
Robust Android Malware Detection Against Adversarial Example Attacks.(Paper)
Demystifying Illegal Mobile Gambling Apps.(Paper)
A Systematical Study on Application Performance Management Libraries for Apps.(Paper)
(6) Vulnerability Discovery:
Uncovering the Unprotected Components of Android Against Overlay Attack. (Paper, Source Code)
IAceFinder: Detecting Cross-Context Inconsistent AccessControl Enforcement in Android. (Paper, Source Code)
ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps.(Paper)
All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks. (Paper)
Resource Race Attacks on Android. (Paper)
VulHunter: A Graph-based Static-Analysis System for Discovering Vulnerable Android Applications.(Paper)
Some old vulnerability reports.
(7) Protection:
XDebloat: Towards Automated Feature-Oriented App Debloating. (Paper, Source Code)
PSGen: A tool for Analyzing Permission Specification of Android NDK. (Paper, Source Code)
Poise: Programmable In-Network Security for Context-aware BYOD Policies. (Paper, Source Code)
UIObfuscator: A Tool for Obfuscating the UI of Android Apps. (Paper, Source Code)
RootGuard: A System for Protecting Rooted Android Smartphones.(Paper, Demo)
(8) App Traffic:
FOAP: Fine-Grained Open-World Android App Fingerprinting. (Paper, Source Code)
PACKETPRINT: Packet-Level Open-World App Fingerprinting on Wireless Traffic. (Paper, Source Code)

2. Blockchain
(1) Smart Contracts Analysis:
⛓ Ethereum Virtual Machine and its Variants
Mau: GPU-based Fuzzer for Smart Contracts.(Paper, Source Code)
Unraveling the State-of-the-Art Smart Contract Fuzzers.(Paper, Source Code)
SigRec: A System for Recovering Function Signatures (ABIs) in Smart Contracts.(Paper)
TokenScope: A System for Detecting Inconsistent Behaviors of Cryptocurrency Tokens.(Paper)
TokenAware: A System for Recognizing Bookkeeping in Token Smart Contracts.(Paper, Source Code)
DeepInfer: A Deep-Learning Based Approach for Inferencing Data Structures in Smart Contract Bytecode.(Paper)
Demystifying DeFi MEV Activities in Flashbots Bundle.(Paper)
Gasper: A System for Detecting Gas-Inefficient Patterns in Smart Contracts.(Paper)
GasReducer: A System for Correcting Gas-Inefficient Patterns in Smart Contracts.(Paper)
GasChecker: Scalable Analysis for Discovering Gas-Inefficient Smart Contracts.(Paper)
A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts.(Paper)
Defining and Detecting Smart Contract Defects on Ethereum.(Paper1, Paper2, Source Code)
A Large-Scale Empirical Study of Inline Assembly in Ethereum Smart Contracts.(Paper)
SADPonzi: A System for Detecting Ponzi Schemes in Ethereum Smart Contracts.(Paper, Source Code)
Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution.(Paper, Source Code)
⛓ Other Popular Runtimes (e.g., WebAssembly Runtime, Move, Algorand Virtual Machine, Script)
MoveScan: A System for Discovering Vulnerabilities in the Bytecode of Move Smart Contracts.(Paper)
Panda: A System for Revealing Vulnerabilities in the Bytecode of Algorand Smart Contracts.(Paper)
WASAI: A System for Uncovering Vulnerabilities in WASM Smart Contracts on EOSIO.(Paper, Source Code)
EOSAFE: A System for Detecting Vulnerabilities in WASM Smart Contracts on EOSIO.(Paper)
BSHUNTER: Detecting and Tracing Defects of Bitcoin Scripts.(Paper)
(2) Transactions Analysis:
Demystifying DeFi MEV Activities in Flashbots Bundle.(Paper)
Understanding Ethereum via Graph Analysis.(Paper, Data & Source Code)
DataEther: Data Exploration Framework For Ethereum.(Paper)
Understanding (Mis)Behavior on the EOSIO Blockchain.(Paper)
Demystifying Bitcoin Mixing Services.(Paper)
Tracking Counterfeit Cryptocurrency.(Paper)
Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange.(Paper)
(3) Security and Performance Assessment:
DoubleUp Roll: Double-spending Vulnerabilities in Arbitrum and Optimism.(Paper)
fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup.(Paper)
DoSVER&DoSDET: Towards Automatic Discovery of Denial of Service Weaknesses in Blockchain Resource Models.(Paper)
ThreadNeck: Double-spending in Arbitrum by Rolling It Back.(Paper)
NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation.(Paper)
Abusing the Ethereum Smart Contract Verification Services for Fun and Profit.(Paper)
WADIFF: A Differential Testing Framework for WebAssembly Runtimes.(Paper)
SODA: A Generic Online Detection Framework for Smart Contracts.(Paper)
Defend Against Under-Priced DoS Attacks for Ethereum.(Paper)
Denial of Ethereum RPC Service Attack.(Paper)
EthHoney: A Honeypot for Understanding the Cryptocurrency Stealing Attack on Ethereum.(Paper)
A Detailed and Real-time Performance Monitoring Framework for Blockchain Systems.(Paper)

3. IoT/Vehicle Security
LLMIF: LLM-assisted Fuzzer for IoT devices. (Paper, Source Code)
Revisiting Automotive Attack Surfaces: a Practitioners' Perspective. (Paper, Source Code)
DP-Reverser: A System for Automatically Reverse Engineering Vehicle Diagnostic Protocols.(Paper, Source Code)
SAID: State-aware Defense Against Injection Attacks on In-vehicle Network.(Paper, Source Code)
EXAMINER: Automatically Locating Inconsistent Instructions between Real Devices and CPU Emulators for ARM.(Paper, Source Code)
ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels.(Paper, Source Code)
FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution. (Paper)
Tricking Lane Detection in Autonomous Driving with Crafted Perturbations. (Paper)
An Evolutionary Study of IoT Malware. (Paper)

4. Network Security (e.g., DDoS, Botnet, DNS Attacks, Anonymity Network, ...)
(1) Pulsing DoS Attacks:
On a New Class of Pulsing Denial-of-Service Attacks and the Defense.(Paper)
Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks. (Paper)
(2) Link Flooding Attacks:
LinkScope: A System for Detecting Target Link Flooding Attacks through End-to-End and Hop-by-Hop Network Probing.(Paper)
Randomized Security Patrolling for Link Flooding Attack Detection. (Paper)
(3) DDoS Attacks:
SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks.(Paper)

5. Internet Performance Measurement
(1) H2Scope: A Tool for Profiling How Websites Support HTTP/2.0.(Paper, Source Code)
(2) AndroidPerf: A Cross-layer Profiling System for Android Applications.(Paper, Source Code)
(3) kTRxer: A Portable Toolkit for Building Reliable Internet Probing Tools.(Paper)
(4) OWPScope: A Server-Side Measurement System for Gauging Multiple One-Way Path Performance Metrics.(Paper)
(5) OneProbe: A Non-Cooperative Measurement System for Assessing Multiple One-Way Path Performance Metrics from End Users.(Paper)
(6) TRIO: A Non-Cooperative Measurement Tool for Estimating Asymmetric Capacity with Three Minimum Round-Trip Times.(Paper)
(7) Some other measurement works.

6. Traffic Analysis (e.g., Website Fingerprinting, Network Covert Channel, Traffic Watermarking, ...)
(1) HTTPOS: A System for Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows.(Paper)
(2) Network Covert Channels:
Cloak: A Set of Robust Network Covert Channels Based on TCP and Enumerative Combinatorics.(Paper)
TCPScript: TCP Covert Timing Channels.(Paper)
CLACK: A Network Covert Channel Based on Partial Acknowledgment Encoding.(Paper)
WebShare: Crafting Web Counters into Covert Channels.(Paper)
(3) Traffic Watermarking:
BACKLIT: Exposing invisible timing-based traffic watermarks.(Paper)
On the Secrecy of Spread-Spectrum Flow Watermarks.(Paper)

Selected Awards:

Distinguished Paper Award, 31st ACM Conference on Computer and Communications Security (CCS), 2024.
Best DeFi Papers Award 2023, ACM CCS Workshop on Decentralized Finance and Security (DEFI), 2024.
ACM SIGSOFT Distinguished Paper Award, 46th International Conference on Software Engineering (ICSE), 2024.
Best Paper Award, 6th International Conference on Blockchain, Metaverse and Trustworthy Systems (BlockSys), 2024.
ACM SIGSOFT Distinguished Paper Award, 14th Asia-Pacific Symposium on Internetware (Internetware), 2024.
The BOCHK Science and Technology Innovation Prize (FinTech) , 2023.
Distinguished TPC member, 42nd IEEE Conference on Computer Communications (INFOCOM), 2023, 2024.
ACM SIGSOFT Distinguished Paper Award, 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), 2022.
Top Reviewer Award, 29th ACM Conference on Computer and Communications Security (CCS), 2022.
Best Paper Award, 14th International Conference on Wireless Communications and Signal Processing (WCSP), 2022.
ACM SIGSOFT Distinguished Paper Award, 43rd International Conference on Software Engineering (ICSE), 2021.
Best Paper Nominee, 13th International Symposium on Empirical Software Engineering and Measurement (ESEM), 2019.
Best Paper Award, 8th IEEE Conference on Engineering, Technology, and Education (TALE), 2019.
Best Paper Award, IEEE International Conference on Computer Communications (INFOCOM), 2018.
Best Paper on Blockchain, China Computer Federation (CCF) Technical Committee on Block Chain, 2018.
Best Paper Award, 17th National Software Application Conference (NASAC) (Safety and Security of System Software Symposium) , 2018.
Best Paper Award, 13th International Conference on Information Security Practice and Experience (ISPEC), 2017.
(ISC)2 Asia-Pacific Information Security Leadership Achievements (ISLA) Honorees (Senior Information Security Professional) with Showcased Project, 2017.
Best Paper Award, 8th International Conference on Applications and Technologies in Information Security (ATIS), 2017.
Best Research Paper Award, 27th International Symposium on Software Reliability Engineering (ISSRE), 2016.
CCF-腾讯犀牛鸟基金优秀奖, 2014.
Best Student Paper Award, 22nd IFIP International Information Security Conference (IFIP SEC), 2007.

Selected Publications (More in DBLP and Google Scholar):

Conference Papers / Journal Papers

Z. Sun, Z. Li, X. Peng, X. Luo, M. Jiang, H. Zhou, Y. Zhang, "DoubleUp Roll: Double-spending in Arbitrum by Rolling It Back", Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), Salt Lake City, U.S.A, Oct 2024.(Distinguished Paper Award)
Z. Li, X. Peng, Z. He, X. Luo, T. Chen, "fAmulet: Finding Finalization Failure Bugs in Polygon zkRollup", Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), Salt Lake City, U.S.A, Oct 2024.
F. Luo, H. Lin, Z. Li, X. Luo, R. Luo, Z. He, S. Song, T. Chen, W. Luo, "Towards Automatic Discovery of Denial-of-Service Weaknesses in Blockchain Resource Models", Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), Salt Lake City, U.S.A, Oct 2024.
S. Liao, L. Cheng, X. Luo, Z. Song, H. Cai, D. Yao, H. Hu, "A First Look at Security and Privacy Risks in the RapidAPI Ecosystem", Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), Salt Lake City, U.S.A, Oct 2024.
S. Wu, Z. Li, H. Zhou, X. Luo, J. Li, H. Wang, "Following the "Thread": Toward Finding Manipulatable Bottlenecks In Blockchain Clients,", Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, September 2024.
S. Song, J. Chen, T. Chen, X. Luo, T. Li, W. Yang, L. Wang, W. Zhang, F. Luo, Z. He, Y. Lu, P. Li, "Empirical Study of Move Smart Contract Security: Introducing MoveScan for Enhanced Analysis", Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, September 2024.
P. Zheng, B. Su, X. Luo, T. Chen, N. Zhang, Z. Zheng, "LENT-SSE: Leveraging Executed and Near Transactions for Speculative Symbolic Execution of Smart Contracts", Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, September 2024.
Z. Sun, X. Du, X. Luo, F. Song, D. Lo, L. Li, "FDI: Attack Neural Code Generation Systems through User Feedback Channel", Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Vienna, Austria, September 2024.
T. Sun, N. He, J. Xiao, Y. Yue, X. Luo, and H. Wang, "All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts", Proceedings of the 33rd USENIX Security Symposium (USENIX SEC), Philadelphia, USA, August 2024.
H. Yang, Y. Nong, T. Zhang, X. Luo, H. Cai, "Learning to Detect and Localize Multilingual Bugs", Proceedings of the ACM International Conference on the Foundations of Software Engineering (FSE), Porto de Galinhas, Brazil, July 2024.
S. Chen, J. Chen, J. Yu, X. Luo, and Y. Wang, "The Dark Side of NFTs: A Large-Scale Empirical Study of Wash Trading", Proceedings of 14th Asia-Pacific Symposium on Internetware (Internetware), Macau, July 2024. (ACM SIGSOFT Distinguished Paper Award)
S. Song, Z. Liao, T. Chen, X. Luo, Y. Zhang, and G. Wang, "An Empirical Study on the Performance of EVMs and Wasm VMs for Smart Contract Execution", Proceedings of International Conference on Blockchain and Trustworthy Systems (BlockSys), Hangzhou, China, July 2024. (Best Paper Award)
W. Chen, X. Luo, H. Cai, H. Wang, “Towards Smart Contract Fuzzing on GPUs”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2024.
J. Wang, L. Yu. X. Luo, “LLMIF: Augmented Large Language Model for Fuzzing IoT Devices”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2024.
Z. He, Z. Li, A. Qiao, X. Luo, X. Zhang, T. Chen, S. Song, D. Liu, W. Niu, “NURGLE: Exacerbating Resource Consumption in Blockchain State Storage via MPT Manipulation”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2024.
P. Jing, Z. Cai, Y. Cao, L. Yu, Y. Du, W. Zhang, C. Qian, X. Luo, S. Nie, S. Wu, “Revisiting Automotive Attack Surfaces: a Practitioners' Perspective”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2024.
L. Qiao, B. Wu, H. Li, C. Gao, W. Yuan, X. Luo, “Trace-agnostic and Adversarial Training-resilient Website Fingerprinting Defense”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Vancouver, Canada, May 2024.
J. Li, Z. Lin, X. Ma, J. Li, J. Qu, X. Luo, X. Guan, “DNSScope: Fine-Grained DNS Cache Probing for Remote Network Activity Characterization”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Vancouver, Canada, May 2024.
T. Wong, C. Zhang, Y. Ni, M. Luo, H. Chen, Y. Yu, W. Li, X. Luo, H. Wang, “ConFuzz: Towards Large Scale Fuzz Testing of Smart Contracts in Ethereum”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Vancouver, Canada, May 2024.
S. Liao, M. Aldeen, J. Yan, L. Cheng, X. Luo, H. Cai, H. Hu, “Understanding GDPR Non-Compliance in Privacy Policies of Alexa Skills in European Marketplaces”, Proc. of World Wide Web Conference (WWW), Singapore, May 2024.
J. Huang, P. Xia, J. Li, K. Ma, G. Tyson, X. Luo, L. Wu, Y. Zhou, W. Cai, H. Wang, “Unveiling the Paradox of NFT Prosperity”, Proc. of World Wide Web Conference (WWW), Singapore, May 2024.
Y. Xie, J. Feng, W. Huang, Y. Zhang, X. Sun, X. Chen, X. Luo, “Contrastive Fingerprinting: A Novel Website Fingerprinting Attack over Few-shot Traces”, Proc. of World Wide Web Conference (WWW), Singapore, May 2024.
S. Wu, Z. Li, L. Yan, W. Chen, M. Jiang, C. Wang, X. Luo, H. Zhou, “Are We There Yet? Unraveling the State-of-the-Art Smart Contract Fuzzers”, Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 2024.
Y. Nong, R. Fang, G. Yi, K. Zhao, X. Luo, F. Chen, H. Cai “VGX: Large-Scale Sample Generation for Boosting Learning-Based Software Vulnerability Analyses”, Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 2024.
Y. Chen, R. Tang, C. Zuo, X. Zhang, L. Xue, X. Luo, Q. Zhao, “Attention! Your Copied Data is Under Monitoring: A Systematic Study of Clipboard Usage in Android Apps”, Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 2024. (ACM SIGSOFT Distinguished Paper Award)
H. Guo, H. Dai, X. Luo, Z. Zheng, G. Xu, F. He, “An Empirical Study on Oculus Virtual Reality Applications: Security and Privacy Perspectives”, Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 2024.
H. Li, G. Xu, L. Wang, X. Xiao, X. Luo, G. Xu, H. Wang, “MalCertain: Enhancing Deep Neural Network Based Android Malware Detection by Tackling Prediction Uncertainty”, Proceedings of the 46th International Conference on Software Engineering (ICSE), Lisbon, Portugal, April 2024.
H. Zhou, S. Wu, C. Qian, X. Luo, H. Cai, C. Zhang, "Beyond the Surface: Uncovering the Unprotected Components of Android Against Overlay Attack", Proceedings of the 31st Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2024.
P. Ma, N. He, Y. Huang, H. Wang, X. Luo, "Abusing the Ethereum Smart Contract Verification Services for Fun and Profit", Proc. Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2024.
K. Zhao, Z. Li, J. Li, H. Ye, X. Luo, T. Chen, “DeepInfer: Deep Type Inference from Smart Contract Bytecode”, Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), San Francisco, USA, December 2023.
Z. Li, J. Li, Z. He, X. Luo, T. Wang, X. Ni, W. Yang, X. Chen, T. Chen, “Demystifying DeFi MEV Activities in Flashbots Bundle”, Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 2023.(Best DeFi Papers Award in 2023)
F. Dong, S. Li, P. Jiang, D. Li, H. Wang, L. Huang, X. Xiao, J. Chen, X. Luo, Y. Guo, X. Chen, “Are we there yet? An Industrial Viewpoint on Provenance-based Endpoint Detection and Response Tools”, Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 2023.
W. Li, H. Yang, X. Luo, L. Cheng, H. Cai, “PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing”, Proceedings of the 30th ACM Conference on Computer and Communications Security (CCS), Copenhagen, Denmark, November 2023.
T. Ni, J. Li, X. Zhang, C. Zuo, W. Wang, W. Xu, X. Luo, Q. Zhao, "Exploiting Contactless Side Channels in Wireless Charging Power Banks for User Privacy Inference via Few-shot Learning", Proceedings of the 29th Annual International Conference on Mobile Computing And Networking (MobiCom), Madrid, Spain, October, 2023.
S. Zhou, M. Jiang, W. Chen, H. Zhou, H. Wang, X. Luo, "WADIFF: A Differential Testing Framework for WebAssembly Runtimes", Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), Kirchberg, Luxembourg, September 2023.
Z. Sun, X. Luo, Y. Zhang, “Panda: Security Analysis of Algorand Smart Contracts”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
Y. Zhang, Y. Hu, Z. Ning, F. Zhang, X. Luo, “SHELTER: Extending Arm CCA with Software Isolation in User Space”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
J. Qu, X. Ma, J. Li, X. Luo, L. Xue, J. Zhang, Z. Li, L. Feng, X. Guan, “An Input-Agnostic Hierarchical Deep Learning Framework for Traffic Fingerprinting”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
H. Li, Z. Cheng, B. Wu, L. Yuan, C. Gao, W. Yuan and X. Luo, “Black-box Adversarial Example Attack towards FCG Based Android Malware Detection under Incomplete Feature Information”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
M. Yuan, B. Zhao, P. Li, J. Liang, X. Han, X. Luo, C. Zhang, “DDRace: Finding Concurrency UAF Vulnerabilities with Directed Fuzzing”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
F. Dong, L.Wang, X. Nie, F. Shao, H. Wang, D. Li, X. Luo, X. Xiao, "DISTDET: A Cost-Effective Distributed Cyber Threat Detection System", Proc. of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
C. Zhang, Y. Li, H. Zhou, X. Zhang, Y. Zheng, X. Zhan, X. Xie, X. Luo, X. Li, Y. Liu and S. Habib, “Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
Z. Xi, T. Du, C. Li, R. Pang, S. Ji, X. Luo, X. Xiao, F. Ma, T. Wang “On the Security Risks of Knowledge Graph Reasoning”, Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
W. Li, J. Ruan, G. Yi, L. Cheng, X. Luo and H. Cai, "POLYFUZZ: Holistic Greybox Fuzzing of Multi-Language Systems", Proceedings of the 32nd USENIX Security Symposium (USENIX SEC), Anaheim, USA, August 2023.
S. Wu, J. Li, H. Zhou, Y. Fang, K. Zhao, H. Wang, C. Qian, and X. Luo, "CydiOS: a model-based testing framework for iOS apps", Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, USA, July 2023.
Y. Zhang, Y. Hu, H. Li, W. Shi, Z. Ning, X. Luo, and F. Zhang, "Alligator In Vest: A Practical Failure-Diagnosis Framework via Arm Hardware Features", Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, USA, July 2023.
S. Yang, Y. He, K. Chen, Z. Ma, X. Luo, Y. Xie, J. Chen, C. Zhang, “1dFuzz: Reproduce 1-day Vulnerabilities with Directed Differential Fuzzing”, Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, USA, July 2023.
X. Nie, N. Li, K. Wang, S. Wang, X. Luo, and H. Wang, "Understanding and Tackling Label Errors in Deep Learning-based Vulnerability Detection (Experience Paper)", Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, USA, July 2023.
H. Zhou, S. Hong, Y. Liu, X. Luo, W. Li and G. Gu, “Mew: Enabling Large-Scale and Dynamic Link-Flooding Defenses on Programmable Switches”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2023.
T. Ni, X. Zhang, C. Zuo, J. Li, Z. Yan, W. Wang, W. Xu, X. Luo and Q. Zhao, “Uncovering User Interactions on Smartphones via Contactless Wireless Charging Side Channels”, IEEE Symposium on Security and Privacy (S&P), San Francisco, USA, May 2023.
P. Zheng, X. Luo and Z. Zheng, “BSHUNTER: Detecting and Tracing Defects of Bitcoin Scripts”, Proceedings of the 45th International Conference on Software Engineering (ICSE), Melbourne, Australia, May 2023.
H. Zhang, L. Yu, X. Xiao, Q. Li, F. Mercaldo, X. Luo and Q. Liu, “TFE-GNN: A Temporal Fusion Encoder Using Graph Neural Networks for Fine-grained Encrypted Traffic Classification”, Proceedings of the 32nd World Wide Web Conference (WWW), Austin, USA, April 2023.
Z. Wu, J. Liu, J. Wu, Z. Zheng, X. Luo, and T. Chen, “Know Your Transactions: Real-time and Generic Transaction Semantic Representation on Blockchain & Web3 Ecosystem”, Proceedings of the 32nd World Wide Web Conference (WWW), Austin, USA, April 2023.
H. Zhou, X. Luo, H. Wang, H. Cai, “Uncovering Intent based Leak of Sensitive Data in Android Framework", Proc. of the 29th ACM Conference on Computer and Communications Security (CCS), Los Angeles, USA., November 2022.
Y. Gao, G. Xu, L. Li, X. Luo, C. Wang, Y. Sui, "Demystifying the Underground Ecosystem of Account Registration Bots", Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore, November 2022.
P. Xia, H. Wang, Z. Yu, X. Liu, X. Luo, G. Xu, G. Tyson, "Challenges in Decentralized Name Management: The Case of ENS", Proc. of the 22nd ACM Internet Measurement Conference (IMC), Nice, France, October 2022.
H. Ye, M. Martinez, X. Luo, T. Zhang, M. Monperrus, "SelfAPR: Self-supervised Program Repair with Test Execution Diagnostics", Proc. of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, USA, Oct. 2022.
L. Wang, H. Wang, X. Luo, Y. Sui, "MalWhiteout: Reducing Label Errors in Android Malware Detection", Proc. of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, USA, Oct. 2022.
J. Su, H. Dai, L. Zhao, Z. Zheng, X. Luo, "Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-guided Fuzzing", Proc. of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE), Ann Arbor, USA, Oct. 2022.
J. Jiang, J. Qi, T. Shen, X. Chen, S. Zhao, S. Wang, L. Chen, N. Zhang, X. Luo, H. Cui, "RONUS: Fault-isolated, Secure and High-performance Heterogeneous Computing for Trusted Execution Environments", Proc. of the 55th IEEE/ACM International Symposium on Microarchitecture (MICRO), Chicago, USA, Oct. 2022.
L. Yu, Y. Liu, P. Jing, X. Luo, L. Xue, K. Zhao, Y. Zhou, T. Wang, G. Gu, S. Nie, and S. Wu, "Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols", Proc. of the 31th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
J. Li, H. Zhou, S. Wu, X. Luo, T. Wang, X. Zhan, and X. Ma, “FOAP: Fine-Grained Open-World Android App Fingerprinting”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
L. Xue, Y. Liu, T. LI, K. Zhao, J. Li, L. Yu, X. Luo, Y. Zhou, and G. Gu, “SAID: State-aware Defense Against Injection Attacks on In-vehicle Network", Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
R. Pang, Z. Xi, S. Ji, X. Luo, and T. Wang, “On the Security Risks of AutoML”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
W. Li, J. Ming, X. Luo, and H. Cai, “PolyCruise: A Cross-Language Dynamic Information Flow Analysis,” Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
H. Zhou, S.Wu, X. Luo, T. Wang, Y. Zhou, C. Zhang, and H. Cai, "NCScope: Hardware-Assisted Analyzer for Native Code in Android Apps", Proc. of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Daejeon, South Korea, July 2022.(ACM SIGSOFT Distinguished Paper Award)
W. Chen, Z. Sun, H. Wang, X. Luo, H. Cai, and L. Wu, "WASAI: Uncovering Vulnerabilities in Wasm Smart Contracts", Proc. of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Daejeon, South Korea, July 2022.
P. Zheng, Z. Zheng, and X. Luo, "Park: Accelerating Smart Contract Vulnerability Detection via Parallel-fork Symbolic Execution", Proc. of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Daejeon, South Korea, July 2022.
Z. Ma, B. Zhao, L. Ren, Z. Li, S. Ma, X. Luo, and C. Zhang, "PrIntFuzz: Fuzzing Linux Drivers via Automated Virtual Device Simulation", Proc. of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Daejeon, South Korea, July 2022.
T. Shen, J. Qi, J. Jiang, X. Wang, X. Wen, X. Chen, S. Zhao, S. Wang, L. Chen, X. Luo, F. Zhang, and H. Cui, "SOTER: Guarding Black-box Inference for General Neural Networks at the Edge“, Proc. USENIX Annual Technical Conference (USENIX ATC), Carlsbad, USA, July 2022.
P. Xia, H. Wang, B. Gao, W. Su, Z. Yu, X. Luo, C. Zhang, X. Xiao, and G. Xu, “Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Mumbai, India, June 2022.
L. Wang, H. Wang, R. He, R. Tao, G. Meng, X. Luo, X. Liu, “MalRadar: Demystifying Android Malware in the New Era”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Mumbai, India, June 2022.
R. Pang, Z. Zhang, X. Gao, Z. Xi, S. Ji, P. Cheng, X. Luo, and T. Wang, “TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors”, Proc. of the 7th IEEE European Symposium on Security and Privacy (Euro S&P), June 2022.
S. Wang, Y. Wang, X. Zhan, Y. Wang, Y. Liu, X. Luo, and S. Cheung, “Aper: Evolution-Aware Runtime Permission Misuse Detection for Android Apps”, Proceedings of the 44th International Conference on Software Engineering (ICSE), Pittsburgh, USA, May 2022.
Y. Zhu, Y. Lai, K. Zhao, X. Luo, M. Yuan, J. Ren, and K. Zhou, “BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection”, Proc. of the 38th IEEE International Conference on Data Engineering (ICDE), Kuala Lumpur, Malaysia, May 2022.
J. Qu, X. Ma, W. Liu, H. Sang, J. Li, L.Xue, X. Luo, Z. Li, L. Feng, X. Guan, “Landing Reinforcement Learning onto Smart Scanning of The Internet of Things”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), May 2022.
G. Xu, S. Li, H. Zhou, S. Liu, Y. Tang, Li Li, X. Luo, X. Xiao, G. Xu and H. Wang, “Lie to Me: Abusing the Mobile Content Sharing Service for Fun and Profit”, Proc. of the 31st the Web Conference (WWW), Lyon, France, April 2022.
M. Jiang, T. Xu, Y. Zhou, Y. Hu, M. Zhong, L. Wu, X. Luo, and K. Ren, "EXAMINER: Automatically Locating Inconsistent Instructions between Real Devices and CPU Emulators for ARM", Proc. of the 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Lausanne, Switzerland, February 2022.
J. Li, S. Wu, H. Zhou, X. Luo, T. Wang, Y. Liu, and X. Ma, “Packet-Level Open-World App Fingerprinting on Wireless Traffic”, Proc. of the 29th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2022.
H. Zhou, H. Wang, X. Luo, T. Chen, Y. Zhou, and T. Wang, “Uncovering Cross-Context Inconsistent Access Control Enforcement in Android”, Proc. of the 29th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2022.
M. Jiang, L. Ma, Y. Zhou, Q. Liu, C. Zhang, Z. Wang, X. Luo, L. Wu, and K. Ren, “ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
K. Zhao, H. Zhou, Y. Zhu, K. Zhou, X. Zhan, J. Li, L. Yu, W. Yuan, and X. Luo, “Structural Attack against Graph Based Android Malware Detection”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
H. Zhou, H. Wang, S. Wu, X. Luo, Y. Zhou, T. Chen, and T. Wang, "Finding the Missing Piece: Permission Specification Analysis for Android NDK", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
Q. Liu, C. Zhang, L. Ma, M. Jiang, Y. Zhou, L. Wu, W. Shen, X. Luo, Y. Liu, and K. Ren, "FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
X. Chen, S. Zhao, J. Qi, J. Jiang, H. Song, C. Wang, T. Li, T. Chan, F. Zhang, X. Luo, S. Wang, G. Zhang, and H. Cui, “Efficient and DoS-resistant Consensus for Permissioned Blockchains”, Proc. of the 39th IFIP WG 7.3 International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance), Politecnico Di Milano, Italy, November 2021.
Y. Shi, M. Li, W. Wei, Y. Liu, and X. Luo, “Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing”, Proc. of the 32nd International Symposium on Software Reliability Engineering (ISSRE), Wuhan, China, October 2021
P. Jing, Q. Tang, Y. Du, L. Xue, X. Luo, T. Wang, S. Nie, and S. Wu, "Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations.", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
N. He, R. Zhang, H. Wang, L. Wu, X. Luo, Y. Guo, T. Yu, and X. Jiang, "EOSAFE: Security Analysis of EOSIO Smart Contracts", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
C. Wang, K. Yu, Y. Cai, X. Luo, and Z. Yang, "Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events", Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
Y. Wang, Q. Zhang, K. Li, J. Chen, Y. Tang, X. Luo, and T. Chen, “Towards Practical and Cost-Effective Batching of Smart-Contract Invocations on Ethereum”, Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
L. Xue, Y. Yan, L. Yan, M. Jiang, X. Luo, D. Wu, W. Hu, and Y. Zhou, "Parema: An Unpacking Framework for Demystifying VM-based Android Packers", Proc. of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Aarhus, Denmark, July 2021. Source Code
W. Chen, X. Li, Y. Sui, N. He, H. Wang, L. Wu, and X. Luo, “SADPonzi: Detecting and Characterizing Ponzi Schemes in Ethereum Smart Contracts”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
B. Gao, H. Wang, P. Xia, S. Wu, Y. Zhou, X. Luo, and G. Tyson, “Tracking Counterfeit Cryptocurrency End-to-end”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
L. Xue, H. Zhou, X. Luo, Y. Zhou, Y. Shi, G. Gu, F. Zhang, and M. Au, "Happer: Unpacking Android Apps via a Hardware-Assisted Approach", Proc. of the 42nd IEEE Symposium on Security and Privacy (S&P), May 2021. Source Code
X. Zhan, L. Fan, S. Chen, F. Wu, T. Liu, X. Luo, and Y. Liu, “ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.(ACM SIGSOFT Distinguished Paper Award)
Z. Wan, X. Xia, D. Lo, J. Chen, X. Luo, and X. Yang, “Smart Contract Security: a Practitioners’ Perspective”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
Y. Hu, H. Wang, T. Ji, X. Xiao, X. Luo, P. Gao, and Y. Guo, “CHAMP: Characterizing Undesired App Behaviors from User Comments based on Market Policies”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
X. Ma, M. Shi, B. An, J. Li, X. Luo, J. Zhang, and X. Guan, “Context-aware Website Fingerprinting over Encrypted Proxies”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), May 2021.
L. Wu, Y. Hu, Y. Zhou, H. Wang, X. Luo, Z. Wang, F. Zhang, and K. Ren, "Towards Understanding and Demystifying Bitcoin Mixing Services", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
Y. Gao, H. Wang, L. Li, X. Luo, X. Liu, and G. Xu, "Demystifying Illegal Mobile Gambling Apps", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
H. Li, S. Zhou, W. Yuan, X. Luo, C. Gao, and S. Chen, “Robust Android Malware Detection Against Adversarial Example Attacks”, Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
K. Li, J. Chen, X. Liu, Y. Tang, X. Wang, and X. Luo, “As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service”, Proc. of the 28th Network and Distributed System Security Symposium (NDSS), February 2021.
Y. Tang, Y. Sui, H. Wang, X. Luo, H. Zhou, and Z. Xu, “All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks”, Proc. of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), California, USA, November 2020.
R. Pang, H. Shen, X. Zhang, S. Ji, Y. Vorobeychik, X. Luo, A. Liu, and T. Wang, “The Tale of Evil Twins: Adversarial Inputs versus Poisoned Models”, Proc. of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 2020.
M. Fan, L. Yu, S. Chen, H. Zhou, X. Luo, S. Li, Y. Liu, J. Liu, and T. Liu, "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps", Prof. of the 31st International Symposium on Software Reliability Engineering (ISSRE), Coimbra, Portugal, October 2020.
H. Zhou, H. Wang, Y. Zhou, X. Luo, Y. Tang, L. Xue, and T. Wang, "Demystifying Diehard Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
H. Zhou, T. Chen, H. Wang, L. Yu, X. Luo, T. Wang, and W. Zhang, "UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
X. Zhan, L. Fan, T. Liu, S. Chen, L. Li, H. Wang, Y. Xu, X. Luo, and Y. Liu, "Automated Third-party Library Detection for Android Applications: Are We There Yet?", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
P. Zhang, F. Xiao, and X. Luo, "A Framework and Data Set for Bugs in Ethereum Smart Contracts", Proc. of the 36th International Conference on Software Maintenance and Evolution (ICSME), Adelaide, Australia, September 2020. Source Code
Q. Kang, L. Xue, A. Morrison, Y. Tang, A. Chen, and X. Luo, “Programmable In-Network Security for Context-aware BYOD Policies”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.Source Code
X. Zhang, N. Wang, H. Shen, S. Ji, X. Luo, and T. Wang, “Interpretable Deep Learning under Fire”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.
R. Pang, X. Zhang, S. Ji, X. Luo, and T. Wang, “AdvMind: Inferring Adversary Intent of Black-Box Attacks”, Proc. of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD), California, USA, August 2020.
M. Jiang, Y. Zhou, X. Luo, R. Wang, Y. Liu, and K. Ren, “An Empirical Study on ARM Disassembly Tools”, Proc. of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Los Angeles, USA, July 2020.Source Code
Y. Huang, H. Wang, L. Wu, G. Tyson, X. Luo, R. Zhang, X. Liu, G. Huang, and X. Jiang, “Understanding (Mis)Behavior on the EOSIO Blockchain”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Boston, USA, June 2020.
T. Liu, H. Wang, L. Li, X. Luo, Y. Guo, F. Dong, T. Bissyandé, and J. Klein, “MadDroid: Characterising and Detecting Devious Ad Content for Android Apps”, Proc. of the 29th the Web Conference (WWW), Taipei, April 2020.
T. Chen, R. Cao, T. Li, X. Luo, G. Gu, Y. Zhang, Z. Liao, H. Zhu, G. Chen, Z. He, Y. Tang, X. Lin, and X. Zhang, "SODA: A Generic Online Detection Framework for Smart Contracts", Proc. of the 27th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2020.
Y. Cai, Y. Tang, H. Li, L. Yu, H. Zhou, X. Luo, L. He, and P. Su, “Resource Race Attacks on Android”, Proc. of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Ontario, Canada, February 2020.
T. Cao, J. Yu, J. Decouchant, X. Luo, and P. Esteves-Veríssimo, “Exploring the Monero Peer-to-Peer Network”, Proc. of the 24th International Conference on Financial Cryptography and Data Security (FC), Sabah, Malaysia, February 2020.
D. Liu, A. Leung, M. Au, X. Luo, P. Chiu, S. Im and W. Lam, "Virtual Laboratory: Facilitating Teaching and Learning in Cybersecurity for Students with Diverse Disciplines", Proc. of the 8th IEEE Conference on Engineering, Technology, and Education (TALE), Yogyakarta, Indonesia, December 2019.(Best Paper Award)
T. Chen, Y. Zhang, Z. Li, X. Luo, T. Wang, R. Cao, X. Xiao, and X. Zhang, “TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum”, Proc. of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
Y. Tang, X. Zhan, H. Zhou, X. Luo, Z. Xu, Y. Zhou, and Q. Yan, “Demystifying Application Performance Management Libraries for Android”, Proc. of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, United States, November 2019.
Z. Xu, T. Zhang, Y. Zhang, Y. Tang, Jin Liu, X. Luo, and J. Keung, “Identifying Crashing Fault Residence Based on Cross Project Model”, Proc. of the 30th International Symposium on Software Reliability Engineering (ISSRE), Berlin, Germany, October 2019.
Z. Cheng, X. Hou, R. Li, Y. Zhou, X. Luo, J. Li, and K. Ren, “Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum”, Proc. of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Beijing, China, September 2019.
T. Chen, Z. Li, Y. Zhang, X. Luo, T. Wang, T. Hu, X. Xiao, D. Wang, J. Huang, and X. Zhang, “A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts”, Proc. of the International Symposium on Empirical Software Engineering and Measurement (ESEM), Porto de Galinhas, Brazil, September 2019.(Best Paper Nominee)
T. Chen, Z. Li, Y. Zhang, X. Luo, A. Chen, K. Yang, B. Hu, T. Zhu, S. Deng, T. Hu, J. Chen, and X. Zhang, “DataEther: Data Exploration Framework For Ethereum”, Proc. of the 39th IEEE International Conference on Distributed Computing Systems (ICDCS), Dallas, USA, July 2019.
M. Fan, X. Luo, J. Liu, M. Wang, C. Nong, Q. Zheng, and T. Liu, “Graph Embedding based Familial Analysis of Android Malware using Unsupervised Learning”, Proc. of the 41st IEEE International Conference on Software Engineering (ICSE), Montreal, Canada, May 2019.
M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, “Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Paris, France, April 2019.
M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, Proc. of the 17th National Software Application Conference (NASAC) (Safety and Security of System Software Symposium), Shenzhen, China, November 2018. (Best Paper Award)
Y. Ji, X. Zhang, S. Ji, X. Luo, and T. Wang, "Model-Reuse Attacks against Learning Systems", Proc. of the 25th ACM Conference on Computer and Communications Security(CCS), Toronto, Canada, October 2018.
C. Wang, Z. Zhao, Y. Wang, D. Qin, X. Luo, and T. Qin, "DeepMatching: A Structural Seed Identification Framework for Social Network Alignment", Proc. of 38th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 600-610, Vienna, Austria, July 2018.
L. Yu, J. Chen, H. Zhou, X. Luo, and K. Liu, "Localizing Function Errors in Mobile Apps with User Reviews", Proc. of 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 418-429, Luxembourg, June 2018.
T. Chen, Z. Li, H. Zhou, J. Chen, X. Luo, X. Li, and X. Zhang, "Towards Saving Money in Using Smart Contracts", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (NIER), pp. 81-84, Gothenburg, Sweden, May 2018.
P. Zheng, Z. Zheng, X. Luo, X. Chen, and X. Liu, "A Detailed and Real-time Performance Monitoring Framework for Blockchain Systems", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (SEIP), pp. 134-143, Gothenburg, Sweden, May 2018.
Z. Xu, S. Li, Y. Tang, X. Luo, T. Zhang, J. Liu, and J. Xu, "Cross Version Defect Prediction with Representative Data via Sparse Subset Selection", Proc. of 26th International Conference on Program Comprehension (ICPC), pp. 132-143, Gothenburg, Sweden, May 2018.
X. Ma, Y. He, X. Luo, J. Li, M. Zhao, B. An, and X. Guan, “Vehicle Traffic Driven Camera Placement for Better Metropolis Security Surveillance”, IEEE Intelligent Systems, Volume: 33, Issue: 4, pp. 49-61, Jul./Aug. 2018.
T. Chen, Y. Zhu, Z. Li, J. Chen, X. Li, X. Luo, X. Lin, and X. Zhang, "Understanding Ethereum via Graph Analysis", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018. (Best Paper Award)
J. Li, X. Ma, G. Li, X. Luo, J. Zhang, W. Li, and X. Guan, "Can We Learn What People Are Doing from Raw DNS Queries?", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018.
Z. Xu, J. Liu, X. Luo, and T. Zhang, “Cross-Version Defect Prediction via Hybrid Active Learning with Kernel Principal Component Analysis”, Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 209-220, Campobasso, Italy, March 2018.
T. Chen, X. Li, Y. Wang, J. Chen, Z. Li, X. Luo, M. Au, and X. Zhang, An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks, Proc. of 13th International Conference on Information Security Practice and Experience (ISPEC), pp. 3-24, Melbourne, Australia, December 2017. (Best Paper Award)
S. Hu, X. Ma, M. Jiang, X. Luo, and M. Au, “AutoFlowLeaker: Circumventing Web Censorship through Automation Services”, Proc. of 36th IEEE International Symposium on Reliable Distributed Systems (SRDS), pp. 214-223, Hong Kong, September 2017.
L. Xue, Y. Zhou, T. Chen, X. Luo, and G. Gu, Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART, Proc. of 26th USENIX Security Symposium (USENIX SEC), pp. 289-306, Vancouver, Canada, August 2017.
B. Sun, X. Luo, M. Akiyama, T. Watanabe, and T. Mori, Characterizing Promotional Attacks in Mobile App Store, Proc. of 8th International Conference on Applications and Technologies in Information Security (ATIS), pp. 113-127, Auckland, New Zealand, July 2017. (Best Paper Award)
M. Jiang, X. Luo, T. Miu, S. Hu, and W. Rao, Are HTTP/2 Servers Ready Yet?, Proc. of 37th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 1661-1671, Atlanta, USA, June 2017.Source Code
L. Xue, X. Luo, L. Yu, S. Wang, and D. Wu, Adaptive Unpacking of Android Apps, Proc. of 39th International Conference on Software Engineering (ICSE), pp. 358-369, Buenos Aires, Argentina, May 2017.
T. Zhang, J. Chen, H. Jiang, X. Luo, and X. Xia, Bug Report Enrichment: A Case Study of Automated Fixer Recommendation, Proc. of 25th International Conference on Program Comprehension (ICPC), pp. 230-240, Buenos Aires, Argentina, May 2017.
L. Xue, X. Ma, X. Luo, L. Yu, S. Wang, and T. Chen, Is What You Measure What You Expect? Factors Affecting Smartphone-Based Mobile Network Measurement, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Atlanta, USA, May 2017.
T. Chen, X. Li, X. Luo, and X. Zhang, Under-optimized smart contracts devour your money, Proc. of 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 437-441, Klagenfurt, Austria, February 2017
M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, Frequent Subgraph based Familial Classification of Android Malware, Proc. of 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 24-35, Ottawa, Canada, October 2016. (Best Research Paper Award)
L. Yu, X. Luo, X. Liu, and T. Zhang, Can We Trust the Privacy Policies of Android Apps?, Proc. of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 538-549, Toulouse, France, June 2016.
L. Yu, X. Luo, C. Qian, and S. Wang, Revisiting the Description-to-Behavior Fidelity in Android Applications, Proc. of 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER), pp. 415-426, Osaka, Japan, March 2016.
Y. Zhang, X. Luo, and H. Yin, DexHunter: Toward Extracting Hidden Code from Packed Android Applications, Proc. of the 20th European Symposium on Research in Computer Security (ESORICS), pp. 293-311, Vienna, Austria, September 2015. Source Code
L. Xue, C. Qian, and X. Luo, AndroidPerf: A Cross-layer Profiling System for Android Applications, Proc. of 23rd IEEE/ACM International Symposium of Quality of Service (IWQoS), pp. 115-124, Portland, USA, June 2015.
Y. Shao, X. Luo, C. Qian, P. Zhu, and L. Zhang, Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications, Proc. of the 30th Annual Computer Security Applications Conference (ACSAC), pp. 56-65, New Orleans, USA, December 2014.
L. Xue, X. Luo, E. Chan, and X. Zhan, Towards Detecting Target Link Flooding Attack, Proc. of 28th USENIX Large Installation System Administration Conference (LISA), pp. 81-96, Seattle, USA, November 2014.
X. Luo, L. Xue, C. Shi, Y. Shao, C. Qian, and E. Chan, On Measuring One-way Path Metrics From a Web Server (Concise Paper), Proc. of the 22nd IEEE International Conference on Network Protocols (ICNP), pp. 203-208, Raleigh, USA, October 2014.
C. Qian, X. Luo, Y. Shao, and A. Chan, On Tracking Information Flows through JNI in Android Applications, Proc. of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 180-191, Atlanta, USA, June 2014. Source Code
L. Xue, X. Luo, and Y. Shao, kTRxer: A Portable Toolkit for Reliable Internet Probing, Proc. of the 22nd IEEE/ACM International Symposium on Quality and Service (IWQoS), pp. 129-134, Hong Kong, May 2014.
R. Mok, X. Luo, E. Chan, and R. Chang, QDASH: A QoE-aware DASH system, Proc. of 3rd ACM Multimedia Systems conference (MMSys), pp. 11-22, Chapel Hill, USA, February 2012.
X. Luo, P. Zhou, J. Zhang, R. Perdisci, W. Lee, and R. Chang, Exposing Invisible Timing-based Traffic Watermarks with BACKLIT, Proc. of the 27th Annual Computer Security Applications Conference (ACSAC), pp. 197-206, Orlando, USA, December 2011.
E. Chan, A. Chen, X. Luo, R. Mok, W. Li, and R. Chang, TRIO: Measuring Asymmetric Capacity with Three Minimum Round-Trip Times, Proc. of 7th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Tokyo, Japan, December 2011.
X. Luo, P. Zhou, E. Chan, R. Chang, and W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 474-485, Hong Kong, June 2011.
J. Zhang, R. Perdisci, W. Lee, U. Sarfraz, and X. Luo, Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 121-132, Hong Kong, June 2011.
J. Zhang, X. Luo, R. Perdisci, G. Gu, W. Lee, and N. Feamster, Boosting the scalability of botnet detection using adaptive traffic sampling, Proc. of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 124-134, Hong Kong, March 2011.
X. Luo, P. Zhou, E. Chan, W. Lee, R. Chang, and R. Perdisci, HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows, Proc. of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2011.
Q. Hui, X. Luo, and W. Lee, Control of low-rate Denial-of-Service attacks on Web servers and TCP fows, Proc. of the 49th IEEE Conference on Decision and Control (CDC), pp. 4186-419, Atlanta, USA, December 2010.
E. Chan, X. Luo, W. Li, W. Fok, and R. Chang, Measurement of Loss Pairs in Network Paths, Proc. of the 13th Internet Measurement Conference (IMC), pp. 88-101, Melbourne, Australia, November 2010.
X. Luo, J. Zhang, R. Perdisci and W. Lee, On the Secrecy of Spread-Spectrum Flow Watermarks, Proc. of the 15th European Symposium Research Computer Security (ESORICS), pp. 232-248, Athens, Greece, September 2010.
M. Antonakakis, D. Dagon, X. Luo, R. Perdisci and W. Lee, A Centralized Monitoring Infrastructure For Improving DNS Security, Proc. of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 18-37, Ottawa, Canada, September 2010.
D. Dagon, M. Antonakakis, K. Day, X. Luo, C. Lee, and W. Lee, Recursive DNS Architectures and Vulnerability Implications, Proc. of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2009.
E. Chan, X. Luo and R. Chang, A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement, Proc. of the 5th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), pp. 205-216, Rome, Italy, December 2009.
X. Luo, E. Chan and R. Chang, Design and implementation of TCP data probes for reliable and metric-rich network path monitoring, Proc. of the 20th USENIX Annual Technical Conference (USENIX ATC), San Diego, USA, June 2009.
R. Perdisci, M. Antonakakis, X. Luo, and W. Lee, WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks, Proc. of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 3-12, Lisbon, Portugal, June 2009.
X. Luo, E. Chan, and R. Chang, TCP Covert Timing Channels: Design and Detection, Proc. of the 38th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 420-429, Anchorage, USA, June 2008.
X. Luo, E. Chan, and R. Chang, Cloak: A Ten-fold Way for Reliable Covert Communications, Proc. of the 12th European Symposium Research Computer Security (ESORICS), pp. 283-298, Dresden, German, September 2007.
X. Luo, E. Chan, and R. Chang, Crafting Web Counters into Covert Channels, Proc. of the 22nd IFIP International Information Security Conference (IFIP SEC), pp. 337-348, Sandton, South Africa, May 2007. (Best student paper award)
X. Luo, E. Chan, and R. Chang, Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks, Proc. of 10th IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 507-518, Vancouver, Canada, April 2006.
X. Luo, R. Chang, and E. Chan, “Performance Analysis of TCP/AQM Under Denial-of-Service Attacks”, Proc. of the 13th IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 97-104, Atlanta, USA, September 2005.
X. Luo and R. Chang, Novel Approaches to End-to-End Packet Reordering Measurement, Proc. of the 8th ACM/USENIX Internet Measurement Conference (IMC), pp. 227-238, Berkeley, USA, October 2005.
X. Luo and R. Chang, Optimizing the Pulsing Denial-of-Service Attacks, Proc. of the 35th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 582-591, Yokohama, Japan, June 2005.
X. Luo and R. Chang, On a New Class of Pulsing Denial-of-Service Attacks and the Defense, Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2005.

Journal Papers / Conference Papers

Accepted
M. Jiang, X. Zheng, R. Chang, Y. Zhou, X. Luo, “Examiner-Pro: Testing Arm Emulators across Different Privileges”, IEEE Transactions on Software Engineering (TSE).
M. Ye, Y. Nan, H. Dai, S. Yang, Z. Zheng, X. Luo, "FunFuzz: A Function-oriented Fuzzer for Smart Contract Vulnerability Detection with High Effectiveness and Efficiency", ACM Transactions on Software Engineering and Methodology (TOSEM).
Y. Li, D. Yuan, T. Zhang, H. Cai, D. Lo, C. Gao, X. Luo, H. Jiang, “Meta-Learning for Multi-Family Android Malware Classification”, ACM Transactions on Software Engineering and Methodology (TOSEM).
Y. Zhu, Y. Lai, K. Zhao, X. Luo, M. Yuan, J. Wu, J. Ren, K. Zhou "From Bi-Level to One-Level: A Framework for Structural Attacks to Graph Anomaly Detection", IEEE Transactions on Neural Networks and Learning Systems (TNNLS).
M. Jiang, J. Jiang, T. Wu, Z. Ma, X. Luo, Y. Zhou, “Understanding Vulnerability Inducing Commits of the Linux Kernel”, ACM Transactions on Software Engineering and Methodology (TOSEM).
Z. Jiang, W. Zheng, B. Liu, H. Dai, H. Xie, X. Luo, Z. Zheng, Q. Li, “Unravelling Token Ecosystem of EOSIO Blockchain”, IEEE Transactions on Knowledge and Data Engineering (TKDE).
J. Li, Z. Lin, J. Qu, S. Wu, H. Zhou, Y. Liu, X. Ma, T. Wang, X. Luo, X. Guan, "Robust App Fingerprinting over The Air", IEEE/ACM Transactions on Networking (TON).

Published
D. Wang, M. Jiang, R. Chang, Y. Zhou, H. Wang, B. Hou, L. Wu, X. Luo, “An Empirical Study on the Insecurity of End-of-Life (EoL) IoT Devices”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 21, Issue: 4, July-Aug. 2024.
Y. Shi, T. Luo, J. Liang, M. AU, and X. Luo, "Obfuscating verifiable Random Functions for Proof-of-Stake Blockchains", IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 21, Issue: 4, July-Aug. 2024.
Y. Tang, Z. Liu, Z. Zhou, X. Luo, “ChatGPT vs SBST: A Comparative Assessment of Unit Test Suite Generation”, IEEE Transactions on Software Engineering (TSE), Volume: 50, Issue: 6, June 2024.
Z. Liu, Y. Tang, X. Luo, Y. Zhou, L. Zhang, “No Need to Lift a Finger Anymore? Assessing the Quality of Code Generation by ChatGPT”, IEEE Transactions on Software Engineering (TSE), Volume: 50, Issue: 6, June 2024.
Y. Zhu, L. Tong, G. Li, X. Luo, and K. Zhou, “FocusedCleaner: Sanitizing Poisoned Graphs for Robust GNN-based Node Classification”, IEEE Transactions on Knowledge and Data Engineering (TKDE), Volume: 36, Issue: 6, June 2024.
X. Ma, J. Qu, M. Shi, B. An, J. Li, X. Luo, J. Zhang, Z. Li, and X. Guan, “Website Fingerprinting on Encrypted Proxies: A Flow-Context-Aware Approach and Countermeasures", IEEE/ACM Transactions on Networking (TON), Volume: 32, Issue: 3, June 2024.
Z. Zhou, Y. Zhou, C. Fang, Z. Chen, X. Luo, J. He, Y. Tang, “Coverage Goal Selector for Combining Multiple Criteria in Search-Based Unit Test Generation”, IEEE Transactions on Software Engineering (TSE), Volume: 50, Issue: 4, April 2024.
C. Ge, W. Susilo, Z. Liu, J. Baek, X. Luo and L. Fang, “Attribute-based Proxy Re-encryption with Direct Revocation Mechanism for Data Sharing in Clouds”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 21, Issue: 2, March-April 2024.
J. Qu, X. Ma, W. Liu, H. Sang, J. Li, L. Xue, X. Luo, Z. Li, L. Feng, and X. Guan, "On Smartly Scanning of The Internet of Things", IEEE/ACM Transactions on Networking (TON), pp. 1019-1034, vol. 32, March 2024.
X. Wang, Y. Liu, K. Jiao, P. Liu, X. Luo, and T. Liu, “Intrusion Device Detection in Fieldbus Networks based on Channel-State Group Fingerprint”, IEEE Transactions on Information Forensics and Security (TIFS), 12 March 2024.
Y. Zhu, T. Michalak, X. Luo, X. Zhang, and K. Zhou, “Towards Secrecy-Aware Attacks Against Trust Prediction in Signed Social Networks”, IEEE Transactions on Information Forensics and Security (TIFS), 13 February 2024.
Y. Zhang, S. Cao, H. Wang, Z. Chen, X. Luo, D. Mu, Y. Ma, G. Huang, and X. Liu, "Characterizing and Detecting WebAssembly Runtime Bugs", ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 33, Issue 2, pp 1–29, February 2024.
Y. Li, T. Zhang, X. Luo, H. Cai, S. Fang, D. Yuan, "Do Pre-trained Language Models Indeed Understand Software Engineering Tasks?", IEEE Transactions on Software Engineering (TSE), Vol.49, pp. 4639-4655, Oct. 2023.
P. Zhang, Q. Yu, Y. Xiao, H. Dong, X. Luo, X. Wang and M. Zhang, "BiAn: Smart Contract Source Code Obfuscation", IEEE Transactions on Software Engineering(TSE), Volume: 49, Issue: 9, September 2023
L. Qiao, B. Wu, S. Yin, H. Li, W. Yuan, X. Luo, “Resisting DNN-Based Website Fingerprinting Attacks Enhanced by Adversarial Training”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 18, pp. 5375 - 5386, August 2023.
C. Gao, S. Yin, G. Huang, H. Li, W. Yuan, X. Luo, “Obfuscation-resilient Android Malware Analysis Based on Complementary Features”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 18, pp. 5056 – 5068, August 2023.
S. Li, J. Li, Y. Tang, X. Luo, Z. He, Z. Li, X. Cheng, Y. Bai, T. Chen, Y. Tang, Z. Liu, and X. Zhang, “BlockExplorer: Exploring Blockchain Big Data via Parallel Processing”, IEEE Transactions on Computers (TC), Volume: 72, Issue: 8, August 2023.
Y. Tan, J. Chen, W. Shang, T. Zhang, S. Fang, X. Luo, Z. Chen, and S. Qi, "STRE: An Automated Approach to Suggesting App Developers When to Stop Reading Reviews", IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 8, August 2023.
Y. Huang, H. Guo, X. Ding, J. Shu, X. Chen, X. Luo, Z. Zheng, X. Zhou, "A comparative study on method comment and inline comment", ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 32, Issue 5, pp 1–26, July 2023.
N. Ivanov, C. Li, Q. Yan, Z. Sun, Z. Cao, X. Luo, “Security Defense for Smart Contracts: A Comprehensive Survey”, ACM Computing Surveys (CSUR), Volume 55, Issue 14, 17 July 2023.
Q. Li, X. Ma, A. Zhou, X. Luo, and S. Wang “User-Oriented Edge Node Grouping in Mobile Edge Computing”, IEEE Transactions on Mobile Computing (TMC), Volume: 22, Issue: 6, 01 June 2023.
J. Ni, M. Au, W. Wu, X. Luo, X. Lin, X. Shen “Dual-Anonymous Off-Line Electronic Cash for Mobile Payment”, IEEE Transactions on Mobile Computing (TMC) Volume: 22, Issue: 6, 01 June 2023.
Y. Wang, K. Li, Y. Tang, J. Chen, Q. Zhang, X. Luo, and T. Chen, “Towards Saving Blockchain Fees via Secure and Cost-Effective Batching of Smart-Contract Invocations”, IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 4, 01 April 2023.
Y. Nong, R. Sharma, W. Hamou-Lhadj, X. Luo, and Haipeng Cai. “Open Science in Software Engineering: A Study on Deep Learning-Based Vulnerability Detection”, IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 4, 01 April 2023.
M. Jiang, Q. Dai, W. Zhang, R. Chang, Y. Zhou, X. Luo, R. Wang, Y. Liu, K. Ren, “A Comprehensive Study on ARM Disassembly Tools”, IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 4, 01 April 2023.
L. Yu, H. Wang, X. Luo, T. Zhang, K. Liu, J. Chen, H. Zhou, Y. Tang, and X. Xiao, "Towards Automatically Localizing Function Errors in Mobile Apps with User Reviews”, IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 4, 01 April 2023.
Z. He, S. Song, Y. Bai, X. Luo, T. Chen, W. Zhang, P. He, H. Li, X. Lin, and X. Zhang, “TokenAware: Accurate and Efficient Bookkeeping Recognition for Token Smart Contracts", ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 32, Issue 1, pp 1–35, February 2023.
Z. Liao, S. Song, H. Zhu, X. Luo, Z. He, R. Jiang, T. Chen, J. Chen, T. Zhang and X. Zhang, “Large-Scale Empirical Study of Inline Assembly on 7.6 Million Ethereum Smart Contracts”, IEEE Transactions on Software Engineering (TSE), Volume: 49, Issue: 2, 01 February 2023.
Y. Ye, J. Zhang, W. Wu, and X. Luo, “Boros: Secure Cross-Channel Transfers via Channel Hub”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume 20, Issue 1, pp.407-421, Jan.-Feb. 2023.
Z. Jiang, X. Tang, Z. Zheng, J. Guo, X. Luo, and Y. Li, "Calling Relationship Investigation and Application on Ethereum Blockchain System", Empirical Software Engineering (EMSE), Jan. 2023.
P. Zheng, Q. Xu, X. Luo, Z. Zheng, W. Zheng, X. Chen, Z. Zhou, Y. Yan, and H. Zhang, “Aeolus: Distributed Execution of Permissioned Blockchain Transactions via State Sharding”, IEEE Transactions on Industrial Informatics (TII), Volume 18, Issue 12, pp. 9227-9238, December 2022.
Y. Tang, H. Zhou, X. Luo, T. Chen, H. Wang, Z. Xu, and Y. Cai, “XDebloat: Towards Automated Feature-Oriented App Debloating”, IEEE Transactions on Software Engineering (TSE) ), Volume 48, Issue 11, pp. 4501-4520, November 2022.
H. Cao, H. Zhao, X. Luo,  N. Kumar, and L. Yang, “Dynamic Virtual Resource Allocation Mechanism for Survivable Services in Emerging NFV-Enabled Vehicular Networks”, IEEE Transactions on Intelligent Transportation Systems (TITS), Volume 23, Issue 11, pp. 22492-22504, November 2022.
X. Zhan, T. Liu, Y. Liu, L. Li, H. Wang, and X. Luo, “A Systematic Assessment on Android Third-party Library Detection Tools”, IEEE Transactions on Software Engineering (TSE), Volume 48, Issue 11, pp. 4249-4273, November 2022.
X. Zhan, T. Liu, L. Fan, L. Li, S. Chen, X. Luo, and Y. Liu, “Research on Third-Party Libraries in Android Apps: A Taxonomy and Comprehensive Survey”, IEEE Transactions on Software Engineering (TSE), Volume 48, Issue 10, October 2022.
X. Xiao, W. Xiao, R. Li, X. Luo, H. Zheng, and S. Xia, “EBSNN: Extended Byte Segment NeuralNetwork for Network Traffic Classification”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 19, Issue: 5, 01 Sept.-Oct. 2022
T. Chen, Z. Li, X. Luo, X. Wang, T. Wang, Z. He, K. Fang, Y. Zhang, H. Zhu, H. Li, Y. Cheng, and X. Zhang, “SigRec: Automatic Recovery of Function Signatures in Smart Contracts”, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 8, 01 August 2022.
Y. Tang, H. Wang, X. Zhan, X. Luo, Y. Zhou, H. Zhou, Q. Yan, Y. Sui, and J. Keung, “A Systematical Study on Application Performance Management Libraries for Apps”, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 8, 01 August 2022.
Z. Jiang, Z. Zheng, K. Chen, X. Luo, X. Tang, and Y. Li, "Exploring Smart Contract Recommendation: Towards Efficient Blockchain Development", IEEE Transactions on Services Computing (TSC), pp. 1-12, August 2022.
T. Shen, J. Jiang, Y. Jiang, X. Chen, J. Qi, S. Zhao, F. Zhang, X. Luo, and H. Cui, "DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network", IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 19, Issue: 4, July-Aug. 2022.
J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode“, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 7, 01 July 2022. Source Code
Y. Huang, J. Jiang, X. Luo, X. Chen, Z. Zheng, N. Jia, and G. Huang, “Change-Patterns Mapping: A Boosting Way for Change Impact Analysis”, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 7, 01 July 2022.
S. Wu, L. Wu, Y. Zhou, R. Li, Z. Wang, X. Luo, C. Wang, K. Ren, "Time-Travel Investigation: Towards Building A Scalable Attack Detection Framework on Ethereum", ACM Transactions on Software Engineering and Methodology (TOSEM), Volume: 31, Issue: 3, July 2022.
D. Yuan, S. Fang, T. Zhang, Z. Xu, and X. Luo, “Java Code Clone Detection by Exploiting Semantic and Syntax Information from Intermediate Code Based Graph”, IEEE Transactions on Reliability (TR)), pp. 1-16, June 2022.
X. Yang, M. Liu, M. Au, X. Luo, Q. Ye, “Efficient Verifiably Encrypted ECDSA-Like Signatures and Their Applications”, IEEE Transactions on Information Forensics and Security (TIFS), Vol.17, PP. 1573-1582, April 2022.
L. Xue, H. Zhou, X. Luo, L. Yu, D. Wu, Y. Zhou, and X. Ma, “PackerGrind: An Adaptive Unpacking System for Android Apps”, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 2, Feb. 1 2022.Source Code
J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “Defining Smart Contract Defects on Ethereum”, IEEE Transactions on Software Engineering (TSE), Volume: 48, Issue: 1, Jan. 1 2022. (also appear at the Journal First Session of the 43rd International Conference on Software Engineering (ICSE)).
Y. Feng, W. Zhang, X. Luo, B. Zhang, “A Consortium Blockchain-based Access Control Framework with Dynamic Orderer Node Selection for Industrial Internet of Things”, IEEE Transactions on Industrial Informatics (TII), Volume: 18, Issue: 4, April 2022.
Y. Huang, X. Liang, Z. Chen, N. Jia, X. Luo, X. Chen, Z. Zheng and X. Zhou, "Reviewing rounds prediction for code patches",  Empirical Software Engineering (EMSE), 27, Article number: 7 2022.
T. Zhang, J. Chen, X. Zhan, X. Luo, D. Lo, and H. Jiang, “Where2Change: Change Request Localization for App Reviews”, IEEE Transactions on Software Engineering (TSE), Volume: 47, Issue: 11, Nov. 2021. (also appear at the Journal First Session of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)).
H. Wang, W. Zhang, H. He, P. Liu, X. Luo, Y. Liu, J. Jiang, Y. Li, X. Zhang, W. Liu, R. Zhang, and X. Lan, “An Evolutionary Study of IoT Malware”, IEEE Internet of Things Journal (IoTJ), Volume: 8, Issue: 20, Oct.15, 2021.
R. He, H. Wang, P. Xia, L. Wang, Y. Li, L. Wu, Y. Zhou, X. Luo, Y. Guo, Y. Sui, G. Xu, “Beyond the Virus: A First Look at Coronavirus-themed Mobile Malware”, Empirical Software Engineering (EMSE),26, Article number: 82 2021
T. Chen, Y. Feng, Z. Li, H. Zhou, X. Luo, X. Li, X. Xiao, J. Chen and X. Zhang, "GasChecker: Scalable Analysis for Discovering Gas-Inefficient Smart Contracts", IEEE Transactions on Emerging Topics in Computing  (TETC), Volume: 9, Issue: 3, July-Sept. 2021.
H. Cao, J. Du, H. Zhao, X. Luo, G. Aujla, N. Kumar, L. Yang, and F. Yu, "Resource-Ability Assisted Service Function Chain Embedding and Scheduling for 6G Networks With Virtualization", IEEE Transactions on Vehicular Technology (TVT), Volume: 70, Issue: 4, April 2021.
Z. Xu, T. Zhang, J. Keung, M. Yan, X. Luo, X. Zhang, L. Xu, and Y. Tang. "Feature Selection and Embedding Based Cross Project Framework for Identifying Crashing Fault Residence". Information and Software Technology (IST), Volume 131, March 2021
L. Yu, X. Luo, J. Chen, H. Zhou, T. Zhang, H. Chang, and H. Leung, “PPChecker: Towards Accessing the Trustworthiness of Android Apps' Privacy Policies”, IEEE Transactions on Software Engineering (TSE), 47(2), Feb. 2021.
Z. Xu, L. Li, M. Yan, J. Liu, X. Luo, J. Grundy, Y. Zhang, and X. Zhang, "A Comprehensive Comparative Study of Clustering-based Unsupervised Defect Prediction Models", Journal of Systems and Software (JSS), Volume 172, February 2021.
Y. Huang, X. Hu, N. Jia, X. Chen, Z. Zheng, and X. Luo, "CommtPst: Deep Learning Source Code for Commenting Positions Prediction", Journal of Systems and Software (JSS), Volume 170, December 2020.
Y. Huang, S. Huang, H. Chen, X. Chen, Z. Zheng, X. Luo, N. Jia, X. Hu, and X. Zhou, "Towards automatically generating block comments for code snippets", Information and Software Technology (IST), Volume 127, November 2020
P. Xia,  H. Wang, B. Zhang, Ru Ji, B. Gao, L. Wu, X. Luo, and G. Xu, "Characterizing Cryptocurrency Exchange Scams",  Computers & Security (COSE), Volume 98, November 2020.
X. Ma, B. An, M. Zhao, X. Luo, L. Xue, Z. Li, T. Miu, and X. Guan, “Randomized Security Patrolling for Link Flooding Attack Detection”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 17, Issue: 4, July-Aug. 1 2020.
T. Chen, Z. Li, Y. Zhu, J. Chen, X. Luo, J. Lui, X. Lin, and X. Zhang, “Understanding Ethereum via Graph Analysis”, ACM Transactions on Internet Technology (TOIT), Volume 20, Issue 2, May 2020.
Y. Shi, W. Wei, F. Zhang, X. Luo, Z. He, and H. Fan, “SDSRS: A Novel White-Box Cryptography Scheme for Securing Embedded Devices in IIoT”, IEEE Transactions on Industrial Informatics (TII), Volume: 16, Issue: 3, March 2020.
  M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, IEEE Transactions on Reliability (TR), Volume: 69, Issue: 1, March 2020.
M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, "DINA: Detecting Hidden Android Inter-App Communication in Dynamic Loaded Code", IEEE Transactions on Information Forensics and Security (TIFS), Volume: 15, Feb. 2020.
Z. Xu, S. Li, J. Xu, J. Liu, X. Luo, Y. Zhang, T. Zhang, Y. Tang, and J. Keung, “LDFR: Learning Deep Feature Representation for Software Defect Prediction”, Journal of Systems and Software  (JSS), Volume 158, December 2019.
Y. Shi, W. Wei, H. Fan, M. Au, and X. Luo, “A Light-Weight White-Box Encryption Scheme for Securing Distributed Embedded Devices”, IEEE Transactions on Computers (TC), Volume 68, Number 10, October 2019.(Selected as the Featured Article of TC 2019 Oct. Issue)
  Z. Xu, S. Li, X. Luo, J. Liu, T. Zhang, Y. Tang, J. Xu, and P. Yuan, "TSTSS: A Two-Stage Training Subset Selection Framework for Cross Version Defect Prediction", Elsevier Journal of Systems and Software  (JSS), Volume 154, August 2019.
L. Xue, C. Qian, H. Zhou, X. Luo, Y. Zhou, Y. Shao, and A. Chan, "NDroid: Towards Tracking Information Flows Across Multiple Android Contexts", IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019. Source Code
Z. Xu, J. Liu, X. Luo, Z. Yang, Y. Zhang, P. Yuan, Y. Tang, and T. Zhang, “Software Defect Prediction Based on Kernel PCA and Weighted Extreme Learning Machine”, Elsevier Information and Software Technology (IST), Volume 106, pp. 182-200, February 2019.
  H. Jiang, L. Nie, Z. Sun, Z. Ren, W. Kong, T. Zhang, and X. Luo, ROSF: Leveraging Information Retrieval and Supervised Learning for Recommending Code Snippets, IEEE Transactions on Services Computing (TSC), Volume: 12, Issue: 1, pp. 34 - 46, January - February 2019.
L. Xue, X. Ma, X. Luo, E. Chan, T. Miu, and G. Gu, “LinkScope: Towards Detecting Target Link Flooding Attacks”, IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 13, Issue: 10, pp. 2423–2438, October 2018.
L. Yu, X. Luo, C. Qian, S. Wang, and H. Leung, “Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy”, IEEE Transactions on Software Engineering (TSE), Volume: 44, Issue: 9, pp. 834–854, Sept. 2018.
M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, “Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis”, IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 13, Issue: 8, pp. 1890–1905, August 2018.  Source Code
C. Wang, T. Miu, X. Luo, and J. Wang, “SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 13, Issue: 3, pp. 559–573, March 2018.
P. Zhang, J. Liu, F.  Yu, M. Sookhak, M. Au, and X. Luo, “A Survey on Access Control in Fog Computing”, IEEE Communications Magazine, Volume: 56, Issue: 2, pp. 144-149, February 2018.
T. Zhang, J. Chen, X. Luo, and T. Li, "Bug Reports for Desktop Software and Mobile Apps in GitHub: What is the Difference?", IEEE Software, October 2017 (also appear at the Journal First Session of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME)).
W. Chen, X. Luo, C. Yin, B. Xiao, M. Au, and Y. Tang, “CloudBot: Advanced Mobile Botnets using Ubiquitous Cloud Technologies”, Pervasive and Mobile Computing (PMC), Volume 41, 270-285, October 2017.
L. Yu, T. Zhang, X. Luo, L. Xue, and H. Chang, Towards Automatically Generating Privacy Policy for Android Apps, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 12, Issue: 4, pp. 865–880, April 2017.
X. Luo, H. Zhou, L. Yu, L. Xue, and Y. Xie, Characterizing mobile *-box applications, Computer Networks (COMNET), Volume 117, pp. 166-184, July 2016.
T. Zhang, J. Chen, G. Yang, B. Lee, and X. Luo, Towards More Accurate Severity Prediction and Fixer Recommendation of Software Bugs, Journal of Systems and Software (JSS), Volume 117, pp. 166-184, July 2016.
T. Zhang, H. Jiang, X. Luo, and A. Chan, A Literature Review of Research in Bug Resolution: Tasks, Challenges and Future Directions, The Computer Journal, Volume 59, Issue 5, pp. 741–773, May 2016.
C. Qian, X. Luo, L. Yu, and G. Gu, VulHunter: Towards Discovering Vulnerabilities in Android Applications, IEEE Micro, Volume: 35, Issue: 1, pp. 44–53, Jan.-Feb. 2015.
Y. Shao, X. Luo, and C. Qian, RootGuard: Protecting Rooted Android Phones, IEEE Computer, Volume: 47, Issue: 6, pp. 32–40, June 2014. (Among the top 10 downloaded articles from the IEEE Computer Society's Digital Library during 2014.)
Y. Tang, X. Luo, Q. Hui, and R. Chang, Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 9, Issue: 3, pp. 339-353, March 2014.
J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, Building A Scalable System For Stealthy P2P-Botnet Detection, IEEE Transactions on Information Forensics and Security (TIFS) Volume: 9, Issue: 1, pp. 27-38, January 2014.
Y. Liu, X. Luo, R. Chang, and J. Su, Characterizing Inter-Domain Rerouting by Betweenness Centrality after Disruptive Events, IEEE Journal on Selected Areas in Communications (JSAC), Volume: 31, Issue: 6, pp. 1147-1157, June 2013.
X. Luo, E. Chan, P. Zhou, and R. Chang, Robust Network Covert Communications Based on TCP and Enumerative Combinatorics, in IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 9, Issue: 6, pp. 890-902, November-December 2012.