Daoyuan Wu (吴道远)
Research Assistant Professor

Department of Computer Science and Engineering

The Hong Kong University of Science and Technology

Email: daoyuan [at] cse.ust.hk; dywu [at] ie.cuhk.edu.hk

Gmail: daoyuan0x ORCID | DBLP | Google Scholar

I am currently a Research Assistant Professor at HKUST CSE, with duties for research, teaching, and grant applications. Prior to joining HKUST, I was a Senior Research Fellow at Nanyang Technological University for one year and a Senior Researcher at Huawei HKRC for six months. Before that, I spent three years as a fully independent Research Assistant Professor in the Department of Information Engineering (IE) at The Chinese University of Hong Kong (CUHK). I also served as an Adjunct Assistant Professor at CUHK IE for one year, from 2022 to 2023. Before joining CUHK, I earned Ph.D. in 2019 from Singapore Management University in the School of Computing and Information Systems. My PhD study was generously supported by the Secure Mobile Center PhD Scholarship (as the sole awardee; plus the GRE requirement was waived). Before pursuing my PhD, I received M.Phil. from Department of Computing at Hong Kong Polytechnic University in 2015 and B.E. from Department of Information Security at Nanjing University of Posts and Telecommunications in 2011.

I am always looking for students with persistence and curiosity in AI/LLM;Quantum/Crypto;Blockchain/PL to join AIS2Lab.
Positions available: I currently have one PhD student quota and several grants to support PhD/MPhil/RAs/PostDoc. Pls contact me if you are self-motivated, hard-working, and aiming for an academic career exploring meaningful problems.
I especially welcome talented UG students for MPhil and can train and recommend you for PhD studies at top universities.
For strong PhD applicants, I encourage you to try HKPFS. I also welcome international students for Belt & Road Scholarship.

Research Areas

RAG4Sec: LLM4Vuln, PropertyGPT, CTFAgent, ACFix, and more.
Tune4Sec: iAudit, LLMImitation, DeFiScope, and more.
LLMInternals: FinetuneDataExtraction, BadMoE.
AISafety: SelfDefend, HEDiff, GuidedBench, STShield.
AgentSec: PDoctor, and more.
LLM + Blockchain: GPTScan, BlockScope, ZepScope, SoMo.
LLM + Software: G2Fuzz, DecLLM, and more.
LLM + Mobile: CCF-Huawei Open Research Fund 🏆, BackDroid, MopEye.

Large Language Model and AI Security: LLMs for Cybersecurity; Security of LLMs; AI Safety.
AI/LLM4Sec: CTFAgent [CCS'25], G2Fuzz [USENIX'25], PropertyGPT [NDSS'25, 🏆], iAudit [ICSE'25], DecLLM [ISSTA'25], GPTScan [ICSE'24], ML4AWI [CSUR'24], SideNet [TII'21], LLM4Vuln [arXiv'24], ACFix [arXiv'24], and PTM4AWI [arXiv'24].
AI/LLM-Sec: FinetuneDataExtraction [CCS'25], SelfDefend [USENIX'25], HEDiff [ICSE'25], LLMImitation [ICSE'24], GuidedBench [arXiv'25], STShield [arXiv'25], BadMoE [arXiv'25], and MASLeak [arXiv'25].
AI/LLMQuality: DataScope [OOPSLA'25], Portia [EMNLP'24Main], PDoctor [arXiv'24], MLM4VDL [arXiv'24], and VRPTEST [arXiv'23].
AI/LLM4Edu: ContractTester [one UGC-funded TLIP grant] and iExam [two UGC-funded courseware grants].
Blockchain and Web3 Security: Chain & DeFi Security, Consensus Security, Transaction Compliance.
Blockchain: BlockScope [NDSS'23], MineBlockVuln [FSE'22], and AGChain [DLT'24; funded by CUHK Direct Grant].
Consensus: An ongoing work supported by a Blockchain Academic Research Award 🏆.
Contracts: ZepScope [USENIX'24] and SoMo [ISSTA'23]. LLM-related are listed above.
Transactions: DeFiScope [arXiv'25].
Mobile and Software Security: Static/Dynamic/Vulnerability/Malware/Privacy Analysis; EdgeAI Security.
Mobile: MtdScout [EuroS&P'24], BackDroid [DSN'21; very creative tech, taking years of R&D], Insecure Open Ports [NDSS'19], DSDK Inconsistency [EMSE'21, WASA'17], Insecure PendingIntents [Blackhat Europe'21], IABI Usability Insecurity [RAID'21], VoIP Fuzzing [DIMVA'20], MineAndroVuln [AsiaCCS'19], SCLib [CODASPY'18], UpDroid [WiSec'18], Remote Webview [MoST'15], Local Webview File:// [ISC'14], App Repackaging [TDSC'21], Native Stack [ICISC'15], and ECVDetector [arXiv'14].
Software: GGen [PLDI'25] and LiCA [RAID'22]. LLM-related are listed above.
I am also interested in measuring mobile network performance and web privacy leaks.
MopEye [ATC'17], MopEye Dataset [IWQoS'19], Speedtest Inaccuracy [INFOCOM'15, TMC'17], and AcuteMon [CoNEXT'16].

Publications

Published Papers

P41	Measuring and Augmenting Large Language Models for Solving Capture-the-Flag Challenges CCS '25 Zimo Ji, Daoyuan Wu, Wenyuan Jiang, Pingchuan Ma, Zongjie Li, and Shuai Wang To appear in ACM Conference on Computer and Communications Security (CCS), Taipei, TW, China, 2025.
P40	Differentiation-Based Extraction of Proprietary Data from Fine-tuned LLMs CCS '25 Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su To appear in ACM Conference on Computer and Communications Security (CCS), Taipei, TW, China, 2025.
P39	Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE) SACMAT '25 Jiaming Yuan, Yingjiu Li, Yangguang Tian, Daoyuan Wu, Jianting Ning, Robert H. Deng, and Jun Li. To appear in ACM Symposium on Access Control Models and Technologies (SACMAT), Stony Brook, NY, USA, 2025.
P38	Divergence-aware Testing of Graphics Shader Compiler Back-ends PLDI '25 Dongwei Xiao, Shuai Wang, Zhibo Liu, Yiteng Peng, Daoyuan Wu, and Zhendong Su. To appear in ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Seoul, South Korea, 2025.
P37	DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code ISSTA '25 Wai Kin Wong, Daoyuan Wu, Huaijin Wang, Zongjie Li, Zhibo Liu, Shuai Wang*, Qiyi Tang, Sen Nie, and Shi Wu. To appear in ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Trondheim, Norway, 2025.
P36	API-guided Dataset Synthesis to Finetune Large Code Models OOPSLA '25 Zongjie Li, Daoyuan Wu, Shuai Wang, and Zhendong Su To appear in Proceedings of the ACM on Programming Languages (OOPSLA), Singapore, 2025.
P35	SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner USENIX Security '25 Xunguang Wang, Daoyuan Wu, Zhenlan Ji, Zongjie Li, Pingchuan Ma, Shuai Wang, Yingjiu Li, Yang Liu, Ning Liu, and Juergen Rahmel To appear in USENIX Security Symposium, Seattle, WA, USA, 2025. It completes my earlier vision paper released in February 2024.
P34	Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators USENIX Security '25 Kunpeng Zhang, Zongjie Li, Daoyuan Wu, Shuai Wang, and Xin Xia To appear in USENIX Security Symposium, Seattle, WA, USA, 2025.
P33	PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation NDSS '25 🏆 Ye Liu, Yue Xue#, Daoyuan Wu*, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu In Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2025.
P32	Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models ICSE '25 Yiteng Peng, Daoyuan Wu, Zhibo Liu, Dongwei Xiao, Zhenlan Ji, Juergen Rahmel, and Shuai Wang In ACM SIGSOFT International Conference on Software Engineering (ICSE), Ottawa, Ontario, Canada, 2025.
P31	Combining Fine-tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications ICSE '25 Wei Ma, Daoyuan Wu*, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, and Yang Liu In ACM SIGSOFT International Conference on Software Engineering (ICSE), Ottawa, Ontario, Canada, 2025.
P30	AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets DLT '24 Mengjie Chen, Xiao Yi#, Daoyuan Wu*, Jianliang Xu, Yingjiu Li, and Debin Gao In ACM Distributed Ledger Technologies: Research and Practice, a new journal to publish high-quality articles on blockchain.
P29	Split and Merge: Aligning Position Biases in LLM-based Evaluators EMNLP '24 Main Zongjie Li, Chaozheng Wang, Pingchuan Ma, Daoyuan Wu, Shuai Wang, Cuiyun Gao, and Yang Liu In the 2024 Conference on Empirical Methods in Natural Language Processing (EMNLP), Miami, Florida, USA, 2024.
P28	Machine Learning for Actionable Warning Identification: A Comprehensive Survey CSUR '24 Xiuting Ge, Chunrong Fang, Xuanye Li, Weisong Sun, Daoyuan Wu, Juan Zhai, Shangwei Lin, Zhihong Zhao, Yang Liu, and Zhenyu Chen In ACM Computing Surveys (CSUR), 2024.
P27	Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts USENIX Security '24 Han Liu, Daoyuan Wu*, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, and Yixiang Chen In USENIX Security Symposium, Philadelphia, PA, USA, 2024.
P26	MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search EuroS&P '24 Zicheng Zhang, Haoyu Ma#, Daoyuan Wu*, Debin Gao, Xiao Yi, Yufan Chen, Yan Wu, and Lingxiao Jiang In IEEE European Symposium on Security and Privacy (EuroS&P), Vienna, Austria, 2024.
P25	GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis ICSE '24 Yuqiang Sun, Daoyuan Wu*, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu In ACM SIGSOFT International Conference on Software Engineering (ICSE), Lisbon, Portugal, 2024.
P24	On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study ICSE '24 Zongjie Li, Chaozheng Wang, Pingchuan Ma, Chaowei Liu, Shuai Wang, Daoyuan Wu, Cuiyun Gao, and Yang Liu In ACM SIGSOFT International Conference on Software Engineering (ICSE), Lisbon, Portugal, 2024.
P23	Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts ISSTA '23 Yuzhou Fang, Daoyuan Wu, Xiao Yi, Shuai Wang, Yufan Chen, Mengjie Chen, Yang Liu, and Lingxiao Jiang In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, United States, 2023.
P22	BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects NDSS '23 Xiao Yi, Yuzhou Fang, Daoyuan Wu*, and Lingxiao Jiang In Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2023. One of the top 13 papers directly accepted over 581 submissions. In this paper, we discovered over 100 vulnerabilities in top blockchains.
P21	An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns FSE '22 Xiao Yi, Daoyuan Wu*, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, and Wei Zhang In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore, 2022. The first systematic study about system-level blockchain vulnerabilities, in which we performed the file-, text-, and code-level analysis.
P20	LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework RAID '22 Menghan Sun, Zirui Song, Xiaoxi Ren, Daoyuan Wu, and Kehuan Zhang In the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Limassol, Cyprus, 2022.
P19	On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps RAID '21 Zicheng Zhang, Daoyuan Wu, Lixiang Li, and Debin Gao We identified usability security issues in Facebook, Snapchat, and LinkedIn apps.* In the 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), San Sebastian, Spain, October, 2021.
P18	When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid DSN '21 Daoyuan Wu, Debin Gao, Robert H. Deng, and Rocky K. C. Chang We started programming BackDroid since December 2015. I will keep leading this search-based static analysis project and make it an impactful work. Accepted by Dependable Systems and Networks (DSN) with a high review score; the majority of reviews from NDSS/MobiCom were also positive.
P17	Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing TDSC '21 Haoyu Ma, Shijia Li, Debin Gao, Daoyuan Wu, Qiaowen Jia, and Chunfu Jia In IEEE Transactions on Dependable and Secure Computing.
P16	Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems TII '21 Haoyu Ma, Jianwen Tian, Kefan Qiu, David Lo, Debin Gao, Daoyuan Wu, Chunfu Jia, and Thar Baker In IEEE Transactions on Industrial Informatics.
P15	Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls EMSE '21 Daoyuan Wu, Debin Gao, and David Lo In Springer Empirical Software Engineering. This article extends our preliminary conference version at WASA'17.
P14	Understanding Android VoIP Security: A System-level Vulnerability Assessment DIMVA '20 En He, Daoyuan Wu, and Robert H. Deng We discovered and reported 8 zero-day vulnerabilities in Android VoIP system components. Google acknowledged us with 8 bug bounties.* In Proc. Springer Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Lisboa, Portugal, 2020.
P13	Towards Understanding Android System Vulnerabilities: Techniques and Insights AsiaCCS '19 Daoyuan Wu, Debin Gao, Eric K. T. Cheng, Yichen Cao, Jintao Jiang, and Robert H. Deng In Proc. ACM Asia Conference on Computer and Communications Security (AsiaCCS), Auckland, New Zealand, 2019. (AR = 58/258 = 22%)
P12	An Empirical Study of Mobile Network Behavior and Application Performance in the Wild IWQoS '19 Shiwei Zhang, Weichao Li, Daoyuan Wu, Bo Jin, Rocky K. C. Chang, Debin Gao, Yi Wang, and Ricky K. P. Mok In Proc. IEEE/ACM International Symposium on Quality of Service (IWQoS), Phoenix, USA, 2019. (AR = 42/153 = 27.4%)
P11	Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment NDSS '19 Daoyuan Wu, Debin Gao, Rocky K. C. Chang, En He, Eric K. T. Cheng, and Robert H. Deng In Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2019. (AR = 89/521 = 17%)
P10	Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild WiSec '18 Xiaoxiao Tang, Yan Lin, Daoyuan Wu, and Debin Gao In Proc. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Stockholm, Sweden, 2018. (AR = 28/78 = 35.9%)
P9	SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications CODASPY '18 Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, and Robert H. Deng In Proc. ACM Conference on Data and Applications Security and Privacy (CODASPY), Tempe, Arizona, USA, 2018. (8-page short paper)
P8	MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance USENIX ATC '17 Daoyuan Wu, Rocky K. C. Chang, Weichao Li, Eric K. T. Cheng, and Debin Gao One of the 21 highly-ranked papers of ATC'17. It has enabled our IWQoS'19 and WiSec'18 papers, as well as an INFOCOM'19 paper from SJTU. In Proc. USENIX Annual Technical Conference (ATC), Santa Clara, USA, 2017. (An earlier poster version was published on December 1, 2015)
P7	Toward Accurate Network Delay Measurement on Android Phones TMC '17 Weichao Li, Daoyuan Wu, Rocky K. C. Chang, and Ricky K. P. Mok In IEEE Transactions on Mobile Computing, Volume: 17, Issue: 3, 2017. This work extends our INFOCOM'15 paper.
P6	Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps WASA '17 Daoyuan Wu, Ximing Liu, Jiayun Xu, David Lo, and Debin Gao It was originally a course project paper done by the first three authors in April 2016. The journal version has been accepted by EMSE. In Proc. Springer International Conference on Wireless Algorithms, Systems, and Applications (WASA), Guilin, China. (AR = 71/238 = 29.8%)
P5	Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement CoNEXT '16 Weichao Li, Daoyuan Wu, Rocky K. C. Chang, and Ricky K. P. Mok In Proc. ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT), Irvine, California, USA. (AR = 36/196 = 18.4%)
P4	Stack Layout Randomization with Minimal Rewriting of Android Binaries ICISC '15 Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia, and Huanguo Zhang In Proc. Springer International Conference on Information Security and Cryptology (ICISC), Seoul, Korea. (AR = 23/84 = 27.4%)
P3	On the Accuracy of Smartphone-based Mobile Network Measurement INFOCOM '15 Weichao Li, Ricky K. P. Mok, Daoyuan Wu, and Rocky K. C. Chang In Proc. IEEE Conference on Computer Communications (INFOCOM), Hong Kong SAR, China. (AR = 316/1,640 = 19.3%)
P2	Indirect File Leaks in Mobile Applications MoST '15 Daoyuan Wu and Rocky K. C. Chang In Proc. IEEE Mobile Security Technologies (MoST), in conjunction with S&P 2015, San Jose, USA. (AR = 10/33 = 30.3%)
P1	Analyzing Android Browser Apps for file:// Vulnerabilities ISC '14 Daoyuan Wu and Rocky K. C. Chang Together with the MoST'15 work, we made a pioneer contribution to the Android and iOS WebView security. In Proc. Springer Information Security Conference (ISC), Hong Kong SAR, China. (Full paper AR = 20/106 = 18.9%)

Technical Reports

R15	IP Leakage Attacks Targeting LLM-Based Multi-Agent Systems arXiv '25 Liwen Wang, Wenxuan Wang, Shuai Wang, Zongjie Li, Zhenlan Ji, Zongyi Lyu, Daoyuan Wu, and Shing-Chi Cheung
R14	BadMoE: Backdooring Mixture-of-Experts LLMs via Optimizing Routing Triggers and Infecting Dormant Experts arXiv '25 Qingyue Wang, Qi Pang, Xixun Lin, Shuai Wang, and Daoyuan Wu
R13	STShield: Single-Token Sentinel for Real-Time Jailbreak Detection in Large Language Models arXiv '25 Xunguang Wang, Wenxuan Wang, Zhenlan Ji, Zongjie Li, Pingchuan Ma, Daoyuan Wu, and Shuai Wang
R12	GuidedBench: Equipping Jailbreak Evaluation with Guidelines arXiv '25 Ruixuan Huang, Xunguang Wang, Zongjie Li, Daoyuan Wu, and Shuai Wang
R11	DeFiScope: Detecting Various DeFi Price Manipulations with LLM Reasoning arXiv '25 Juantao Zhong, Daoyuan Wu#, Ye Liu, Maoyi Xie, Yang Liu, Yi Li, and Ning Liu
R10	Testing and Understanding Erroneous Planning in LLM Agents through Synthesized User Inputs arXiv '24 Zhenlan Ji, Daoyuan Wu, Pingchuan Ma, Zongjie Li, and Shuai Wang
R9	How Multi-Modal LLMs Reshape Visual Deep Learning Testing? A Comprehensive Study Through the Lens of Image Mutation arXiv '24 Liwen Wang, Yuanyuan Yuan, Ao Sun, Zongjie Li, Pingchuan Ma, Daoyuan Wu, and Shuai Wang
R8	ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts arXiv '24 Lyuye Zhang, Kaixuan Li#, Kairan Sun, Daoyuan Wu*, Ye Liu, Haoye Tian, Yang Liu
R7	Pre-trained Model-based Actionable Warning Identification: A Feasibility Study arXiv '24 Xiuting Ge, Chunrong Fang, Quanjun Zhang, Daoyuan Wu, Bowen Yu, Qirui Zheng, An Guo, Shangwei Lin, Zhihong Zhao, Yang Liu, Zhenyu Chen
R6	LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper arXiv '24 Daoyuan Wu, Shuai Wang, Yang Liu, and Ning Liu
R5	LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning arXiv '24 Yuqiang Sun, Daoyuan Wu*, Yue Xue, Han Liu, Wei Ma, Lyuye Zhang, Yang Liu, and Yingjiu Li
R4	VRPTEST: Evaluating Visual Referring Prompting in Large Multimodal Models arXiv '23 Zongjie Li, Chaozheng Wang, Chaowei Liu, Pingchuan Ma, Daoyuan Wu, Shuai Wang, and Cuiyun Gao
R3	iExam: A Novel Online Exam Monitoring and Analysis System Based on Face Detection and Recognition arXiv '22 Xu Yang, Daoyuan Wu*, Xiao Yi, Jimmy H. M. Lee, and Tan Lee This is a technical report from the Chinese University of Hong Kong.
R2	MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic CoNEXT '15 Poster Daoyuan Wu, Weichao Li, Rocky K. C. Chang, and Debin Gao In Proc. ACM CoNEXT Student Workshop Poster, in conjunction with CoNEXT 2015, Heidelberg, Germany.
R1	A Sink-driven Approach to Detecting Exposed Component Vulnerabilities in Android Apps arXiv '14 Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang An old technical report in 2014. I don't have time to revise it anymore.

Invited Talks

T8	Discovering and Investigating Propagated Vulnerabilities from Ethereum to Its Layer-2 Blockchains HITBSecConf '24 In Hack In The Box SecConf, Bangkok, Thailand, 29-30 August 2024.
T7	构建基于大模型的智能漏洞审计引擎 AI Con HK 2024 In AI Con HK, City University of Hong Kong, 24 May 2024.
T6	Proof-of-Work vs. Proof-of-Stake: Insights into Fairness and Governance Sustainability from the Blockchain World Business Sustainability Conference '23 In BSC, Henry Cheng International Conference Centre, CUHK, 3 November 2023.
T5	Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps Blackhat Europe '21 En He, Wenbo Chen, and Daoyuan Wu* In Blackhat Europe, London, UK, 10 November 2021.
T4	Leveraging Automatic Face Recognition for Online Exam Monitoring and Analysis CUHK Expo '21 In CUHK Teaching and Learning Innovation Expo, 29 July 2021.
T3	Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis NJUPT Keynote '19 In the 3rd International Symposium on Big Data Security and Intelligent Processing, Nanjing, China, October 2019. Also in CUHK IE Seminar, Hong Kong SAR, March 2019 and in Wuhan University CSE Seminar, December 2019.
T2	Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications HitCon Pacific '17 In Hacks in Taiwan Conference Pacific, December 2017.
T1	On the Feasibility of Automatically Generating Android Component Hijacking Exploits HitCon '14 In Hacks in Taiwan Conference Community, August 2014.

Teaching

2025 Spring - COMP4541 Blockchain, Cryptocurrencies and Smart Contracts: homepage (within UST) and mirror website.

2022 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (within CUHK) and mirror website (public).

2021 Fall - IERG4130 Introduction to Cyber Security: homepage (within CUHK) and mirror website (public).

Received the Best Teaching Award of the MScIE Programme 2020-2021.

2021 Spring - IEMS5722 Mobile Network Programming and Distributed Server Architecture: homepage and mirror website.

2020 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (within CUHK) and mirror website (public).

2019 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (within CUHK) and mirror website (public).

Team

PhD Students:

Officially advised: Dr. Xiao Yi (2019 - 2023 at CUHK; First job: researcher at Huawei Hong Kong Research Centre).
Unofficially co-advised: Dr. Han Liu (Apr 2023 - Jun 2024 at NTU; First job: postdoc at UST, co-hosted with Prof. Shuai Wang).
Unofficially co-advising: Zicheng Zhang (at SMU since Apr 2020, with gap years; I served as his External Committee Member), Yuqiang Sun (at NTU since Mar 2023), and a group of PhD students at the HKUST Cybersecurity Lab led by Prof. Shuai Wang.

Research Assistants:

Juantao Zhong (at UST/SZ Research Institute since Sep 2024), Wenxin Luo (expect to join in Sep 2025), Sheng Zhang (expect to join in Nov 2025), Yufan Chen (at CityU SZ Research Institute since Feb 2025, co-advised by Prof. Ning Liu), Huinian Yang (remote collaboration since April 2025), Yixuan Yang (remote collaboration since June 2025), and Haoyuan Li (remote collaboration starting from Aug 2025). I am looking for one more full-time RA who (tries to) understand(s) LLM internals.
Senior Security Expert: Yue Xue (Apr 2023 - Apr 2024 at MetaTrust Labs; Next: OKX).
Yuzhou Fang (2021 - 2022 at CUHK; Next: PhD student at USC), Mengjie Chen (2020 - 2021 at CUHK; Next: Mask Network).

Undergraduate Students:

Zimo Ji (at HKUST from May 2024 to May 2025, co-advised with Prof. Shuai Wang).
Yufan Chen (2021 - 2022 at Xidian; Next: SMU), Xu Yang (2021 - 2022 at CUHK; Next: ASTRI).
One FYT (2025-26) student at HKUST, Rulin Chen, who works on Formalizing Consensus Protocols.
Three FYP (2020-22) students at CUHK and Two Co-op FYP (2024-25) students at HKUST.

MSc Students (at CUHK):

2019 - 2020: Mengjie Chen (DLT'24; Next: CUHK), Lixiang Li (RAID'21; Next: miHoYo), Ming Fang (helped EuroS&P'24; Next: Alibaba), Weiyan Xiong (helped FSE'22; Next: SAP China).
2020 - 2021: Yan Wu (EuroS&P'24; Next: Morgan Stanley China), Siqin Li (explored FPS security).
2021 - 2022: Lu Zhang (helped MagicCrypto; Next: OKX Hong Kong).

Collaborators

(Only faculty members with whom I have formal co-publications are listed.)

Singapore:

Chair Prof. Yang Liu (hosted my Senior Research Fellow position at NTU); Prof. Debin Gao (my PhD advisor); Chair Prof. Robert Deng (my PhD co-advisor); Chair Prof. David Lo; Prof. Lingxiao Jiang; Assoc Prof. Yi Li; Assoc Prof. Shang-Wei Lin; Asst Prof. Xiaofei Xie.

Hong Kong SAR:

Assoc Prof. Shuai Wang (hosted my RAP position at UST, with support from university’s matching fund); Assoc Prof. Ning Liu; Prof. Kehuan Zhang; Prof. Xiapu Luo (my MPhil co-advisor at PolyU).

Professional Services

Conference Program Committee:

USENIX Security 2026, NDSS 2026, CCS 2025 (Blockchain track), USENIX Security 2025, NDSS 2025, ISSTA 2025, ICSE 2025, CCS 2024 (Software track), ACSAC 2024, RAID 2024, AsiaCCS 2024, ICICS 2024, RAID 2023, ICICS 2023, ICICS 2021, and NOMS 2018.

Conference Shepherd:

NDSS 2025 (for this paper), CCS 2024 (for this paper), RAID 2023 (for this paper), and ICICS 2021 (for this paper).

Workshop Program Committee:

SVM 2025 (co-located with ICSE 2025) and AISTA 2024 (co-located with ISSRE 2024).

Journal Reviewer:

ACM Transactions on Privacy and Security, ACM Transactions on Software Engineering and Methodology, IEEE Transactions on Information Forensics and Security, IEEE Transactions on Dependable and Secure Computing, IEEE Transactions on Software Engineering, IEEE Transactions on Mobile Computing, IEEE Transactions on Services Computing, Computers & Security, Journal of Systems and Software, Journal of Information Security and Applications, IEEE Systems Journal, Cybersecurity, etc.

Useful Links

My calendar of security conferences: academia and industry. Recently used: CCF Conference Deadlines.

I was maintaining a list of interesting computer security papers and a list of mobile app related software engineering papers.

Security Journals: TIFS (special issues), TDSC (special issues), Computers & Security (special issues), TISSEC, and JCS.

Top Journals (our next targets): Nature Communications, PNAS, Science, and Nature.

PolyU's Corpus of Research Articles.

The Elements of Style (by Strunk and White).

Writing a technical paper (by Michael Ernst).

Storytelling 101: Writing Tips for Academics (by Nick Feamster).

Top Publication Venues in Computer Science (by Andrew Myers).

ArnetMiner CS Rank: conference rank and organization rank.

CCF Conference and Journal Rankings: AI, Security, Networking, System, and Software Engineering.

Google Scholar Metrics in AI, Computer Security, Computing Systems, Computer Networks, and Software Systems.

Daoyuan Wu (吴道远) Research Assistant Professor

Research Areas

Publications

Published Papers

Measuring and Augmenting Large Language Models for Solving Capture-the-Flag Challenges CCS '25

Differentiation-Based Extraction of Proprietary Data from Fine-tuned LLMs CCS '25

Leakage-Resilient Easily Deployable and Efficiently Searchable Encryption (EDESE) SACMAT '25

Divergence-aware Testing of Graphics Shader Compiler Back-ends PLDI '25

DecLLM: LLM-Augmented Recompilable Decompilation for Enabling Programmatic Use of Decompiled Code ISSTA '25

API-guided Dataset Synthesis to Finetune Large Code Models OOPSLA '25

SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner USENIX Security '25

Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators USENIX Security '25

PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation NDSS '25 🏆

Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models ICSE '25

Combining Fine-tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications ICSE '25

AGChain: A Blockchain-based Gateway for Trustworthy App Delegation from Mobile App Markets DLT '24

Split and Merge: Aligning Position Biases in LLM-based Evaluators EMNLP '24 Main

Machine Learning for Actionable Warning Identification: A Comprehensive Survey CSUR '24

Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts USENIX Security '24

MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search EuroS&P '24

GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis ICSE '24

On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study ICSE '24

Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts ISSTA '23

BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects NDSS '23

An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns FSE '22

LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework RAID '22

On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps RAID '21

When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid DSN '21

Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing TDSC '21

Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems TII '21

Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls EMSE '21

Understanding Android VoIP Security: A System-level Vulnerability Assessment DIMVA '20

Towards Understanding Android System Vulnerabilities: Techniques and Insights AsiaCCS '19

An Empirical Study of Mobile Network Behavior and Application Performance in the Wild IWQoS '19

Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment NDSS '19

Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild WiSec '18

SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications CODASPY '18

MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance USENIX ATC '17

Toward Accurate Network Delay Measurement on Android Phones TMC '17

Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps WASA '17

Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement CoNEXT '16

Stack Layout Randomization with Minimal Rewriting of Android Binaries ICISC '15

On the Accuracy of Smartphone-based Mobile Network Measurement INFOCOM '15

Indirect File Leaks in Mobile Applications MoST '15

Analyzing Android Browser Apps for file:// Vulnerabilities ISC '14

Technical Reports

IP Leakage Attacks Targeting LLM-Based Multi-Agent Systems arXiv '25

BadMoE: Backdooring Mixture-of-Experts LLMs via Optimizing Routing Triggers and Infecting Dormant Experts arXiv '25

STShield: Single-Token Sentinel for Real-Time Jailbreak Detection in Large Language Models arXiv '25

GuidedBench: Equipping Jailbreak Evaluation with Guidelines arXiv '25

DeFiScope: Detecting Various DeFi Price Manipulations with LLM Reasoning arXiv '25

Testing and Understanding Erroneous Planning in LLM Agents through Synthesized User Inputs arXiv '24

How Multi-Modal LLMs Reshape Visual Deep Learning Testing? A Comprehensive Study Through the Lens of Image Mutation arXiv '24

ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts arXiv '24

Pre-trained Model-based Actionable Warning Identification: A Feasibility Study arXiv '24

LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper arXiv '24

LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning arXiv '24

VRPTEST: Evaluating Visual Referring Prompting in Large Multimodal Models arXiv '23

iExam: A Novel Online Exam Monitoring and Analysis System Based on Face Detection and Recognition arXiv '22

MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic CoNEXT '15 Poster

A Sink-driven Approach to Detecting Exposed Component Vulnerabilities in Android Apps arXiv '14

Invited Talks

Discovering and Investigating Propagated Vulnerabilities from Ethereum to Its Layer-2 Blockchains HITBSecConf '24

构建基于大模型的智能漏洞审计引擎 AI Con HK 2024

Proof-of-Work vs. Proof-of-Stake: Insights into Fairness and Governance Sustainability from the Blockchain World Business Sustainability Conference '23

Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps Blackhat Europe '21

Leveraging Automatic Face Recognition for Online Exam Monitoring and Analysis CUHK Expo '21

Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis NJUPT Keynote '19

Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications HitCon Pacific '17

On the Feasibility of Automatically Generating Android Component Hijacking Exploits HitCon '14