Department of Computer Science and Engineering
The Hong Kong University of Science and Technology
Email: daoyuan [at] cse.ust.hk
; dywu [at] ie.cuhk.edu.hk
Gmail: daoyuan0x
DBLP |
Google Scholar
I am currently a Research Assistant Professor (PhD Supervisor, with duties including grant application and teaching) at HKUST CSE. I work closely with Prof. Shuai Wang and his students. Prior to joining HKUST, I was a Senior Research Fellow at Nanyang Technological University (NTU) for one year, working with Prof. Yang Liu on LLM-driven Web3 Security. Before that, I spent six months as a Senior Researcher at Huawei Hong Kong Research Centre and three years as a Research Assistant Professor in the Department of Information Engineering, The Chinese University of Hong Kong (CUHK). I also served as an Adjunct Assistant Professor at CUHK IE from 2022 to 2023. Before CUHK, I earned Ph.D. in 2019 from Singapore Management University (SMU) in the School of Computing and Information Systems. My PhD study was generously supported by the Secure Mobile Center (SMC) PhD Scholarship (the only awardee; plus that GRE was wavied). Before pursuing my PhD, I received M.Phil. from Department of Computing at The Hong Kong Polytechnic University in 2015 and B.E. from Department of Information Security at Nanjing University of Posts and Telecommunications in 2011.
My research focuses on three areas: (i) Large X (language, vision, binary, etc.) Models and AI Security, (ii) Blockchain and FinTech Security, and (iii) Mobile and Software Security. Over the years, I have made the following representative works:
BackDroid: proposing a very creative search-based technique, on-the-fly bytecode search, to address a fundamental limitation in Android app analysis. It enables usage in Open Ports [NDSS'19], DSDK [EMSE'21, WASA'17], and MtdScout [EuroS&P'24].
GPTScan: the first work to deeply connect LLM with static analysis, inspiring our further work on LLM4Vuln [arXiv'24] and more.
BlockScope: a search-based patch vs. code similarity analysis tool for discovering over 100 vulnerabilities in top blockchains, including Dogecoin (the new CVE-2021-37491), Binance's BSC Chain (a bug bounty), and Optimism/Base/Mantle.
MopEye: the first non-intrusive crowdsourcing app MopEye for security and networking research, leading to further work on AcuteMon [CoNEXT'16], UpDroid [WiSec'18], MopEye Dataset [IWQoS'19], NetMon [NDSS'19], and SideNet [TII'21].
A pioneering contribution to ContentProvider security (over 60 CVEs) and WebView security (e.g., CVE-2014-7224 for Android and CVE-2015-5921 for iOS) with an ITF grant, Local Attacks [ISC'14], Remote Attacks [MoST'15], and IABI Usability [RAID'21].
I am looking for a few highly self-motivated students (PhD/MPhil/RA) with expertise in AI/LLM/DM/Blockchain/PL/Soot.
Strong PhD candidates are welcome to contact my close collaborators: Prof. Yang Liu, Prof. Shuai Wang, Prof. Debin Gao,
Prof. Yingjiu Li, Prof. Robert Deng, Prof. Lingxiao Jiang, Prof. David Lo, and Prof. Kehuan Zhang. I can help recommend.
Large X Models and AI Security: Large X Models for Pervasive Cybersecurity; Security of LLMs and AI.
GPTScan [ICSE'24],
LLMImitation [ICSE'24],
PDoctor [arXiv'24],
MLM4VDLTest [arXiv'24],
iAudit [arXiv'24],
ACFix [arXiv'24],
PTM4AWI [arXiv'24],
SelfDefend [arXiv'24],
LLM4Vuln [arXiv'24],
VRPTEST [arXiv'23],
AWISurvey [arXiv'23],
Portia [arXiv'23],
SideNet [TII'21],
and UpDroid [WiSec'18].
Blockchain and FinTech Security: analyzing Blockchain, Smart Contract, and Layer-2/ZKP/FHE security.
BlockScope [NDSS'23],
SoMo [ISSTA'23],
and MineBlockVuln [FSE'22].
Two more works are under review.
Mobile and Software Security: static/dynamic/vuln/malware analysis; computational social science (policy).
BackDroid [DSN'21],
MtdScout [EuroS&P'24],
Insecure Open Ports [NDSS'19],
VoIP Fuzzing [DIMVA'20],
Insecure PendingIntents [Blackhat Europe'21],
IABI Usability Insecurity [RAID'21],
MineAndroVuln [AsiaCCS'19],
Remote Webview Attacks [MoST'15],
Local Webview File:// Attack [ISC'14],
DSDK Inconsistency [EMSE'21, WASA'17],
SCLib [CODASPY'18],
LiCA [RAID'22],
App Repackaging [TDSC'21],
Native Stack [ICISC'15],
and
ECVDetector [arXiv'14].
My recent focus in this area is app-related computational social science, collaborated with my wife. We are looking for students!
I am also interested in network and Internet measurement, blockchain-based decentralized apps, and AI-based smart systems.
MopEye [ATC'17], MopEye Dataset [IWQoS'19], Speedtest Inaccuracy [INFOCOM'15, TMC'17], and AcuteMon [CoNEXT'16].
iExam [arXiv'22] and AGChain [arXiv'21].
P26 |
MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search EuroS&P '24 |
P25 |
GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis ICSE '24 |
P24 |
On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study ICSE '24 |
P23 |
Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts ISSTA '23 |
P22 |
BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects NDSS '23 |
P21 |
An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns FSE '22 |
P20 |
LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework RAID '22 |
P19 |
On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps RAID '21 |
P18 |
When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid DSN '21 |
P17 |
Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing TDSC '21 |
P16 |
Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems TII '21 |
P15 |
Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls EMSE '21 |
P14 |
Understanding Android VoIP Security: A System-level Vulnerability Assessment DIMVA '20 |
P13 |
Towards Understanding Android System Vulnerabilities: Techniques and Insights AsiaCCS '19 |
P12 |
An Empirical Study of Mobile Network Behavior and Application Performance in the Wild IWQoS '19 |
P11 |
Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment NDSS '19 |
P10 |
Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild WiSec '18 |
P9 |
SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications CODASPY '18 |
P8 |
MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance USENIX ATC '17 |
P7 |
Toward Accurate Network Delay Measurement on Android Phones TMC '17 |
P6 |
Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps WASA '17 |
P5 |
Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement CoNEXT '16 |
P4 |
Stack Layout Randomization with Minimal Rewriting of Android Binaries ICISC '15 |
P3 |
On the Accuracy of Smartphone-based Mobile Network Measurement INFOCOM '15 |
P2 |
Indirect File Leaks in Mobile Applications MoST '15 |
P1 |
Analyzing Android Browser Apps for file:// Vulnerabilities ISC '14 |
R14 |
Testing and Understanding Erroneous Planning in LLM Agents through Synthesized User Inputs arXiv '24 |
R13 |
Benchmarking Multi-Modal LLMs for Testing Visual Deep Learning Systems Through the Lens of Image Mutation arXiv '24 |
R12 |
Combining Fine-Tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications arXiv '24 |
R11 |
ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts arXiv '24 |
R10 |
Pre-trained Model-based Actionable Warning Identification: A Feasibility Study arXiv '24 |
R9 |
LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper arXiv '24 |
R8 |
LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning arXiv '24 |
R7 |
VRPTEST: Evaluating Visual Referring Prompting in Large Multimodal Models arXiv '23 |
R6 |
Machine Learning for Actionable Warning Identification: A Comprehensive Survey arXiv '23 |
R5 |
Split and Merge: Aligning Position Biases in Large Language Model based Evaluators arXiv '23 |
R4 |
iExam: A Novel Online Exam Monitoring and Analysis System Based on Face Detection and Recognition arXiv '22 |
R3 |
AGChain: A Blockchain-based Gateway for Permanent, Distributed, and Secure App Delegation from Existing Mobile App Markets arXiv '21 |
R2 |
MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic CoNEXT '15 Poster |
R1 |
A Sink-driven Approach to Detecting Exposed Component Vulnerabilities in Android Apps arXiv '14 |
T6 |
Proof-of-Work vs. Proof-of-Stake: Insights into Fairness and Governance Sustainability from the Blockchain World Business Sustainability Conference '23 |
T5 |
Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps Blackhat Europe '21 |
T4 |
Leveraging Automatic Face Recognition for Online Exam Monitoring and Analysis CUHK Expo '21 |
T3 |
Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis NJUPT Keynote '19 |
T2 |
Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications HitCon Pacific '17 |
T1 |
On the Feasibility of Automatically Generating Android Component Hijacking Exploits HitCon '14 |
2022 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).
2021 Fall - IERG4130 Introduction to Cyber Security: homepage (only in CUHK) and mirror website (public).
Received the Best Teaching Award of the MScIE Programme 2020-2021.
2021 Spring - IEMS5722 Mobile Network Programming and Distributed Server Architecture: homepage and mirror website.
2020 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).
2019 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).
PhD Students:
Officially advised: Dr. Xiao Yi (2019 - 2023 at CUHK, co-advised with Prof. Kehuan Zhang; First job: researcher at Huawei Hong Kong Research Centre).
Unofficially co-advised: Zicheng Zhang (at SMU since 2020, with gap years), Yuqiang Sun (at NTU since 2023), Han Liu (at NTU since 2023), Xiuting Ge (at NTU since 2023).
Research Assistants:
Yuzhou Fang (2021 - 2022; Next: PhD student at USC), Mengjie Chen (2020 - 2021; Next: Mask Network).
Undergraduate Students:
Yufan Chen (at Xidian since 2021, with gap years; Next: SMU), Xu Yang (2021 - 2022; Next: ASTRI).
MSc Students (at CUHK):
2019 - 2020: Mengjie Chen (arXiv'21; Next: CUHK), Lixiang Li (RAID'21; Next: miHoYo), Ming Fang (helped EuroS&P'24; Next: Alibaba), Weiyan Xiong (helped FSE'22; Next: SAP China).
2020 - 2021: Yan Wu (EuroS&P'24; Next: Morgan Stanley China), Siqin Li (explored FPS security).
Conference Program Committee:
NDSS 2025, ISSTA 2025, ICSE 2025, CCS 2024, ACSAC 2024, RAID 2024, AsiaCCS 2024, ICICS 2024, RAID 2023, ICICS 2023, ICICS 2021, NOMS 2018.
Conference Shepherd:
Journal Reviewer:
ACM Transactions on Privacy and Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Mobile Computing, Journal of Systems and Software, Journal of Information Security and Applications, IEEE Systems Journal, Cybersecurity, etc.
My calendar of security conferences: academia and industry. Recently used: CCF Conference Deadlines.
I am maintaining a list of interesting computer security papers and a list of mobile app related software engineering papers.
Security Journals: TIFS (special issues), TDSC (special issues), Computers & Security (special issues), TISSEC and JCS.
Storytelling 101: Writing Tips for Academics (by Nick Feamster)
Computer Security Conference Ranking and Statistic (by Guofei Gu)
Top Crypto and Security Conferences Ranking (by Jianying Zhou)
Top Publication Venues in Computer Science (by Andrew Myers)
ArnetMiner CS Rank: conference rank and organization rank.
CCF Conference and Journal Rankings: Security, Networking, System, and Software Engineering.
Google Scholar Metrics in Computer Security, Computing Systems, Computer Networks, and Software Systems.
Industry Cybersecurity Conference Directory, SKKU seclab | Upcoming Events, and Cipher Call-for-papers.