Daoyuan Wu
Research Assistant Professor

Department of Computer Science and Engineering

The Hong Kong University of Science and Technology

Email: daoyuan [at] cse.ust.hk; dywu [at] ie.cuhk.edu.hk

Gmail: daoyuan0x | DBLP | Google Scholar


I am currently a Research Assistant Professor (PhD Supervisor, with duties including grant application and teaching) at HKUST CSE. I work closely with Prof. Shuai Wang and his students. Prior to joining HKUST, I was a Senior Research Fellow at Nanyang Technological University (NTU) for one year, working with Prof. Yang Liu on LLM-driven Web3 Security. Before that, I spent six months as a Senior Researcher at Huawei Hong Kong Research Centre and three years as a Research Assistant Professor in the Department of Information Engineering, The Chinese University of Hong Kong (CUHK). I also served as an Adjunct Assistant Professor at CUHK IE from 2022 to 2023. Before CUHK, I earned my Ph.D. in 2019 from Singapore Management University (SMU) in the School of Computing and Information Systems. My PhD study was generously supported by the Secure Mobile Center (SMC) PhD Scholarship (the only awardee; plus the GRE was waived). Before pursuing my PhD, I received my M.Phil. from the Department of Computing at The Hong Kong Polytechnic University in 2015 and my B.E. from the Department of Information Security at Nanjing University of Posts and Telecommunications in 2011.

My research focuses on three areas: (i) Large Language Model and AI Security, (ii) Blockchain and FinTech Security, and (iii) Mobile and Software Security. Over the years, I have produced the following representative works:

  • RAG4Sec: the first to exploit the concept of RAG or its variant for cybersecurity tasks, including LLM4Vuln [arXiv'24] for vulnerability detection (via GPT-summarized knowledge), PropertyGPT [NDSS'25] for formal verification (via example-based ICL), ACFix [arXiv'24] for vulnerability repair (via mined common practice), and more.

  • GPTScan: the first [ICSE'24] to deeply connect LLM with static analysis, opening the door to sound LLM-based code analysis.

  • SelfDefend: the first generic LLM jailbreak defense framework that allows LLMs to defend themselves in a practical manner.

  • Tune4Sec: customized tuning for cybersecurity tasks, including iAudit [ICSE'25] by combining fine-tuning and LLM agents, LLMImitation [ICSE'24] for code model imitation, PTM4AWI [arXiv'24] for Actionable Warning Identification (AWI), and more.

  • BlockScope: a search-based patch vs. code similarity analysis tool [NDSS'23] for discovering 100+ vulnerabilities in top blockchains, including Dogecoin (new CVE-2021-37491), Binance's BSC Chain (a bug bounty), and Optimism/Base/Mantle.

  • AC4Web3: the first to study access control bugs in OpenZeppelin [USENIX'24] and customized function modifiers [ISSTA'23].

  • BackDroid: a very creative search-based CG technique, on-the-fly bytecode search, to address a fundamental limitation in Android app analysis. It enables usage in Open Ports [NDSS'19], MtdScout [EuroS&P'24], and DSDK [EMSE'21, WASA'17].

  • MopEye: the first non-intrusive crowdsourcing app MopEye [ATC'17] for security and networking research, leading to further work on AcuteMon [CoNEXT'16], UpDroid [WiSec'18], Dataset [IWQoS'19], NetMon [NDSS'19], and SideNet [TII'21].

  • A pioneering contribution to Android Component security (60+ CVEs) and WebView security (e.g., CVE-2014-7224 for Android and CVE-2015-5921 for iOS) with an ITF grant, Local [ISC'14] and Remote Attacks [MoST'15], and IABI Usability [RAID'21].

I am looking for highly self-motivated students (PhD/MPhil/RA) with expertise in AI, Blockchain, or PL/Fuzzing to join VPRLab.
Strong PhD candidates are welcome to contact my close collaborators: Prof. Yang Liu, Prof. Shuai Wang, Prof. Debin Gao,
Prof. Yingjiu Li, Prof. Robert Deng, Prof. Lingxiao Jiang, Prof. David Lo, and Prof. Kehuan Zhang. I can help recommend.



Publications

Published Papers

P32

PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation NDSS '25

Ye Liu, Yue Xue#, Daoyuan Wu*, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu
To appear in Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2025.

P31

Testing and Understanding Deviation Behaviors in FHE-hardened Machine Learning Models ICSE '25

Yiteng Peng, Daoyuan Wu*, Zhibo Liu, Dongwei Xiao, Zhenlan Ji, Juergen Rahmel, and Shuai Wang*
To appear in ACM SIGSOFT International Conference on Software Engineering (ICSE), Ottawa, Ontario, Canada, 2025.

P30

Combining Fine-tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications ICSE '25

Wei Ma, Daoyuan Wu*, Yuqiang Sun, Tianwen Wang, Shangqing Liu, Jian Zhang, Yue Xue, and Yang Liu
To appear in ACM SIGSOFT International Conference on Software Engineering (ICSE), Ottawa, Ontario, Canada, 2025.

P29

Split and Merge: Aligning Position Biases in LLM-based Evaluators EMNLP '24 Main

Zongjie Li, Chaozheng Wang, Pingchuan Ma, Daoyuan Wu*, Shuai Wang*, Cuiyun Gao, and Yang Liu
To appear in the 2024 Conference on Empirical Methods in Natural Language Processing (EMNLP), Miami, Florida, USA, 2025.

P28

Machine Learning for Actionable Warning Identification: A Comprehensive Survey CSUR '24

Xiuting Ge, Chunrong Fang, Xuanye Li, Weisong Sun, Daoyuan Wu, Juan Zhai, Shangwei Lin, Zhihong Zhao, Yang Liu, and Zhenyu Chen
In ACM Computing Surveys (CSUR), 2024.

P27

Using My Functions Should Follow My Checks: Understanding and Detecting Insecure OpenZeppelin Code in Smart Contracts USENIX Security '24

Han Liu, Daoyuan Wu*, Yuqiang Sun, Haijun Wang, Kaixuan Li, Yang Liu, and Yixiang Chen
In USENIX Security Symposium, Philadelphia, PA, USA, 2024.

P26

MtdScout: Complementing the Identification of Insecure Methods in Android Apps via Source-to-Bytecode Signature Generation and Tree-based Layered Search EuroS&P '24

Zicheng Zhang, Haoyu Ma#, Daoyuan Wu*, Debin Gao, Xiao Yi, Yufan Chen, Yan Wu, and Lingxiao Jiang
In IEEE European Symposium on Security and Privacy (EuroS&P), Vienna, Austria, 2024.

P25

GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis ICSE '24

Yuqiang Sun, Daoyuan Wu*, Yue Xue, Han Liu, Haijun Wang, Zhengzi Xu, Xiaofei Xie, and Yang Liu
In ACM SIGSOFT International Conference on Software Engineering (ICSE), Lisbon, Portugal, 2024.

P24

On Extracting Specialized Code Abilities from Large Language Models: A Feasibility Study ICSE '24

Zongjie Li, Chaozheng Wang, Pingchuan Ma, Chaowei Liu, Shuai Wang*, Daoyuan Wu*, Cuiyun Gao, and Yang Liu
In ACM SIGSOFT International Conference on Software Engineering (ICSE), Lisbon, Portugal, 2024.

P23

Beyond “Protected” and “Private”: An Empirical Security Analysis of Custom Function Modifiers in Smart Contracts ISSTA '23

Yuzhou Fang, Daoyuan Wu*, Xiao Yi, Shuai Wang*, Yufan Chen, Mengjie Chen, Yang Liu, and Lingxiao Jiang
In ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Seattle, United States, 2023.

P22

BlockScope: Detecting and Investigating Propagated Vulnerabilities in Forked Blockchain Projects NDSS '23

Xiao Yi, Yuzhou Fang, Daoyuan Wu*, and Lingxiao Jiang
In Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2023.
One of the top 13 papers directly accepted over 581 submissions. In this paper, we discovered over 100 vulnerabilities in top blockchains.

P21

An Empirical Study of Blockchain System Vulnerabilities: Modules, Types, and Patterns FSE '22

Xiao Yi, Daoyuan Wu*, Lingxiao Jiang, Yuzhou Fang, Kehuan Zhang, and Wei Zhang
In ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Singapore, 2022.
The first systematic study of system-level blockchain vulnerabilities, in which we performed file-, text-, and code-level analysis.

P20

LiCA: A Fine-grained and Path-sensitive Linux Capability Analysis Framework RAID '22

Menghan Sun, Zirui Song, Xiaoxi Ren, Daoyuan Wu, and Kehuan Zhang
In the 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Limassol, Cyprus, 2022.

P19

On the Usability (In)Security of In-App Browsing Interfaces in Mobile Apps RAID '21

Zicheng Zhang, Daoyuan Wu*, Lixiang Li, and Debin Gao
We identified usability security issues in Facebook, Snapchat, and LinkedIn apps.
In the 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), San Sebastian, Spain, October, 2021.

P18

When Program Analysis Meets Bytecode Search: Targeted and Efficient Inter-procedural Analysis of Modern Android Apps in BackDroid DSN '21

Daoyuan Wu, Debin Gao, Robert H. Deng, and Rocky K. C. Chang
We started programming BackDroid in December 2015. I will keep leading this search-based static analysis project and make it an impactful work.
Accepted by Dependable Systems and Networks (DSN) with a high review score; the majority of earlier reviews from NDSS/MobiCom were also positive.

P17

Active Warden Attack: On the (In)Effectiveness of Android App Repackage-Proofing TDSC '21

Haoyu Ma, Shijia Li, Debin Gao, Daoyuan Wu, Qiaowen Jia, and Chunfu Jia
In IEEE Transactions on Dependable and Secure Computing.

P16

Deep-Learning-Based App Sensitive Behavior Surveillance for Android Powered Cyber-Physical Systems TII '21

Haoyu Ma, Jianwen Tian, Kefan Qiu, David Lo, Debin Gao, Daoyuan Wu, Chunfu Jia, and Thar Baker
In IEEE Transactions on Industrial Informatics.

P15

Scalable Online Vetting of Android Apps for Measuring Declared SDK Versions and Their Consistency with API Calls EMSE '21

Daoyuan Wu, Debin Gao, and David Lo
In Springer Empirical Software Engineering. This article extends our preliminary conference version at WASA'17.

P14

Understanding Android VoIP Security: A System-level Vulnerability Assessment DIMVA '20

En He, Daoyuan Wu*, and Robert H. Deng
We discovered and reported 8 zero-day vulnerabilities in Android VoIP system components. Google acknowledged us with 8 bug bounties.
In Proc. Springer Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), Lisboa, Portugal, 2020.

P13

Towards Understanding Android System Vulnerabilities: Techniques and Insights AsiaCCS '19

Daoyuan Wu, Debin Gao, Eric K. T. Cheng, Yichen Cao, Jintao Jiang, and Robert H. Deng
In Proc. ACM Asia Conference on Computer and Communications Security (AsiaCCS), Auckland, New Zealand, 2019. (AR = 58/258 = 22%)

P12

An Empirical Study of Mobile Network Behavior and Application Performance in the Wild IWQoS '19

Shiwei Zhang, Weichao Li, Daoyuan Wu, Bo Jin, Rocky K. C. Chang, Debin Gao, Yi Wang, and Ricky K. P. Mok
In Proc. IEEE/ACM International Symposium on Quality of Service (IWQoS), Phoenix, USA, 2019. (AR = 42/153 = 27.4%)

P11

Understanding Open Ports in Android Applications: Discovery, Diagnosis, and Security Assessment NDSS '19

Daoyuan Wu, Debin Gao, Rocky K. C. Chang, En He, Eric K. T. Cheng, and Robert H. Deng
In Proc. ISOC Network and Distributed System Security Symposium (NDSS), San Diego, USA, 2019. (AR = 89/521 = 17%)

P10

Towards Dynamically Monitoring Android Applications on Non-rooted Devices in the Wild WiSec '18

Xiaoxiao Tang, Yan Lin, Daoyuan Wu, and Debin Gao
In Proc. ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Stockholm, Sweden, 2018. (AR = 28/78 = 35.9%)

P9

SCLib: A Practical and Lightweight Defense against Component Hijacking in Android Applications CODASPY '18

Daoyuan Wu, Yao Cheng, Debin Gao, Yingjiu Li, and Robert H. Deng
In Proc. ACM Conference on Data and Applications Security and Privacy (CODASPY), Tempe, Arizona, USA, 2018. (8-page short paper)

P8

MopEye: Opportunistic Monitoring of Per-app Mobile Network Performance USENIX ATC '17

Daoyuan Wu, Rocky K. C. Chang, Weichao Li, Eric K. T. Cheng, and Debin Gao
One of the 21 highly-ranked papers of ATC'17. It has enabled our IWQoS'19 and WiSec'18 papers, as well as an INFOCOM'19 paper from SJTU.
In Proc. USENIX Annual Technical Conference (ATC), Santa Clara, USA, 2017. (An earlier poster version was published on December 1, 2015)

P7

Toward Accurate Network Delay Measurement on Android Phones TMC '17

Weichao Li, Daoyuan Wu, Rocky K. C. Chang, and Ricky K. P. Mok
In IEEE Transactions on Mobile Computing, Volume: 17, Issue: 3, 2017. This work extends our INFOCOM'15 paper.

P6

Measuring the Declared SDK Versions and Their Consistency with API Calls in Android Apps WASA '17

Daoyuan Wu, Ximing Liu, Jiayun Xu, David Lo, and Debin Gao
It was originally a course project paper done by the first three authors in April 2016. The journal version has been accepted by EMSE.
In Proc. Springer International Conference on Wireless Algorithms, Systems, and Applications (WASA), Guilin, China. (AR = 71/238 = 29.8%)

P5

Demystifying and Puncturing the Inflated Delay in Smartphone-based WiFi Network Measurement CoNEXT '16

Weichao Li, Daoyuan Wu, Rocky K. C. Chang, and Ricky K. P. Mok
In Proc. ACM Conference on emerging Networking EXperiments and Technologies (CoNEXT), Irvine, California, USA. (AR = 36/196 = 18.4%)

P4

Stack Layout Randomization with Minimal Rewriting of Android Binaries ICISC '15

Yu Liang, Xinjie Ma, Daoyuan Wu, Xiaoxiao Tang, Debin Gao, Guojun Peng, Chunfu Jia, and Huanguo Zhang
In Proc. Springer International Conference on Information Security and Cryptology (ICISC), Seoul, Korea. (AR = 23/84 = 27.4%)

P3

On the Accuracy of Smartphone-based Mobile Network Measurement INFOCOM '15

Weichao Li, Ricky K. P. Mok, Daoyuan Wu, and Rocky K. C. Chang
In Proc. IEEE Conference on Computer Communications (INFOCOM), Hong Kong SAR, China. (AR = 316/1,640 = 19.3%)

P2

Indirect File Leaks in Mobile Applications MoST '15

Daoyuan Wu and Rocky K. C. Chang
In Proc. IEEE Mobile Security Technologies (MoST), in conjunction with S&P 2015, San Jose, USA. (AR = 10/33 = 30.3%)

P1

Analyzing Android Browser Apps for file:// Vulnerabilities ISC '14

Daoyuan Wu and Rocky K. C. Chang
Together with the MoST'15 work, we made a pioneering contribution to Android and iOS WebView security.
In Proc. Springer Information Security Conference (ISC), Hong Kong SAR, China. (Full paper AR = 20/106 = 18.9%)

Technical Reports

R13

API-guided Dataset Synthesis to Finetune Large Code Models arXiv '24

Zongjie Li, Daoyuan Wu*, Shuai Wang*, and Zhendong Su

R12

SelfDefend: LLMs Can Defend Themselves against Jailbreaking in a Practical Manner arXiv '24

Xunguang Wang, Daoyuan Wu*, Zhenlan Ji, Zongjie Li, Pingchuan Ma, Shuai Wang*, Yingjiu Li, Yang Liu, Ning Liu, and Juergen Rahmel
This article completes its earlier vision paper.

R11

Testing and Understanding Erroneous Planning in LLM Agents through Synthesized User Inputs arXiv '24

Zhenlan Ji, Daoyuan Wu*, Pingchuan Ma, Zongjie Li, and Shuai Wang*

R10

Benchmarking Multi-Modal LLMs for Testing Visual Deep Learning Systems Through the Lens of Image Mutation arXiv '24

Liwen Wang, Yuanyuan Yuan, Ao Sun, Zongjie Li, Pingchuan Ma, Daoyuan Wu, and Shuai Wang

R9

ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts arXiv '24

Lyuye Zhang, Kaixuan Li#, Kairan Sun, Daoyuan Wu*, Ye Liu, Haoye Tian, Yang Liu

R8

Pre-trained Model-based Actionable Warning Identification: A Feasibility Study arXiv '24

Xiuting Ge, Chunrong Fang, Quanjun Zhang, Daoyuan Wu, Bowen Yu, Qirui Zheng, An Guo, Shangwei Lin, Zhihong Zhao, Yang Liu, Zhenyu Chen

R7

LLMs Can Defend Themselves Against Jailbreaking in a Practical Manner: A Vision Paper arXiv '24

Daoyuan Wu, Shuai Wang, Yang Liu, and Ning Liu

R6

LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning arXiv '24

Yuqiang Sun, Daoyuan Wu*, Yue Xue, Han Liu, Wei Ma, Lyuye Zhang, Yang Liu, and Yingjiu Li

R5

VRPTEST: Evaluating Visual Referring Prompting in Large Multimodal Models arXiv '23

Zongjie Li, Chaozheng Wang, Chaowei Liu, Pingchuan Ma, Daoyuan Wu*, Shuai Wang*, and Cuiyun Gao

R4

iExam: A Novel Online Exam Monitoring and Analysis System Based on Face Detection and Recognition arXiv '22

Xu Yang, Daoyuan Wu*, Xiao Yi, Jimmy H. M. Lee, and Tan Lee
This is a technical report from the Chinese University of Hong Kong.

R3

AGChain: A Blockchain-based Gateway for Permanent, Distributed, and Secure App Delegation from Existing Mobile App Markets arXiv '21

Mengjie Chen, Daoyuan Wu*, Xiao Yi, and Jianliang Xu
We proposed the first decentralized and practical app market called AGChain, which works with existing app markets as well.

R2

MopEye: Monitoring Per-app Network Performance with Zero Measurement Traffic CoNEXT '15 Poster

Daoyuan Wu, Weichao Li, Rocky K. C. Chang, and Debin Gao
In Proc. ACM CoNEXT Student Workshop Poster, in conjunction with CoNEXT 2015, Heidelberg, Germany.

R1

A Sink-driven Approach to Detecting Exposed Component Vulnerabilities in Android Apps arXiv '14

Daoyuan Wu, Xiapu Luo, and Rocky K. C. Chang
An old technical report in 2014. I don't have time to revise it anymore.

Invited Talks

T8

Discovering and Investigating Propagated Vulnerabilities from Ethereum to Its Layer-2 Blockchains HITBSecConf '24

In Hack In The Box SecConf, Bangkok, Thailand, 29-30 August 2024.

T7

Building an Intelligent Vulnerability Auditing Engine Based on Large Models AICon HK 2024

In City University of Hong Kong, 24 May 2024.

T6

Proof-of-Work vs. Proof-of-Stake: Insights into Fairness and Governance Sustainability from the Blockchain World Business Sustainability Conference '23

In Henry Cheng International Conference Centre, CUHK, 3 November 2023.

T5

Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps Blackhat Europe '21

En He, Wenbo Chen, and Daoyuan Wu*
In Blackhat Europe, London, UK, 10 November 2021.

T4

Leveraging Automatic Face Recognition for Online Exam Monitoring and Analysis CUHK Expo '21

In CUHK Teaching and Learning Innovation Expo, 29 July 2021.

T3

Boosting Android Security through App-, Network-, and System-level Vulnerability Analysis NJUPT Keynote '19

In the 3rd International Symposium on Big Data Security and Intelligent Processing, Nanjing, China, October 2019.
Also in CUHK IE Seminar, Hong Kong SAR, March 2019 and in Wuhan University CSE Seminar, December 2019.

T2

Cross-Platform Analysis of Indirect File Leaks in Android and iOS Applications HitCon Pacific '17

In Hacks in Taiwan Conference Pacific, December 2017.

T1

On the Feasibility of Automatically Generating Android Component Hijacking Exploits HitCon '14

In Hacks in Taiwan Conference Community, August 2014.


Teaching

  • 2025 Spring - COMP4541 Blockchain, Cryptocurrencies and Smart Contracts: to teach at HKUST in February 2025.

  • 2022 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).

  • 2021 Fall - IERG4130 Introduction to Cyber Security: homepage (only in CUHK) and mirror website (public).

  • Received the Best Teaching Award of the MScIE Programme 2020-2021.

  • 2021 Spring - IEMS5722 Mobile Network Programming and Distributed Server Architecture: homepage and mirror website.

  • 2020 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).

  • 2019 Fall - IEMS5710 Cryptography, Information Security and Privacy: homepage (only in CUHK) and mirror website (public).

