Want to cite my work? Check this BibTex file.
Conference and Workshop Papers
- [ISSTA'25] Xuezixiang Li, Sheng Yu, and Heng Yin, ALMOND: Learning an Assembly Language Model for 0-Shot Code Obfuscation Detection, to appear in the ACM SIGSOFT International Symposium on Software Testing and Analysis, June 2025.
- [ISSTA'24] Yuxin Qiu, Jie Hu, Qian Zhang, and Heng Yin, Calico: Automated Knowledge Calibration and Diagnosis for Elevating AI Mastery in Code Tasks, in the ACM SIGSOFT International Symposium on Software Testing and Analysis, September 2024.
- [USENIX Security'24] Zhenxiao Qi, Jie Hu, Zhaoqi Xiao, and Heng Yin, SymFit: Making the Common (Concrete) Case Fast for Binary-Code Concolic Execution, in the 33rd USENIX Security Symposium, August 2024.
- [DSN'24] Sheng Yu, Wei Song, Xunchao Hu, and Heng Yin, On the Correctness of Metadata-based SBOM Generation: A Differential Analysis Approach, in the 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, June 2024.
Distinguished Best Paper Award
- [ICSE'24] Jie Hu, Yue Duan, and Heng Yin, Marco: A Stochastic and Asynchronous Concolic Explorer, in the 46th International Conference on Software Engineering, April 2024.
- [NDSS'24] Lian Gao, Yu Qu, Sheng Yu, Yue Duan, and Heng Yin, SigmaDiff: Semantics-Aware Deep Graph Matching for Pseudocode Diffing, in the Network and Distributed System Security Symposium, February 2024.
- [ACSAC'22] Yiru Zhao, Xiaoke Wang, Lei Zhao, Yueqiang Cheng, and Heng Yin, Alphuzz: Monte Carlo Search on Seed-Mutation Tree for Coverage-Guided Fuzzing, in the Annual Computer Security Applications Conference, December 2022.
- [ASE'22] Emilio Coppa, Heng Yin, and Camil Demetrescu, SymFusion: Hybrid Instrumentation for Concolic Execution, in the 37th IEEE/ACM International Confernce on Automated Software Engineering, October 2022.
- [USENIX Security'22] Ju Chen, Wookhyun Han, Mingjun Yin, Haochen Zeng, Chengyu Song, Byoungyong Lee, Heng Yin, and Insik Shin, SymSan: Time and Space Efficient Concolic Execution via Dynamic Data-Flow Analysis, in the 31st USENIX Security Symposium, August 2022.
- [USENIX Security'22] Sheng Yu, Yu Qu, Xunchao Hu, and Heng Yin, DeepDi: Learning a Relational Graph Convolutional Network Model on Instructions for Fast and Accurate Disassembly, in the 31st USENIX Security Symposium, August 2022.
- [S&P'22] Ju Chen, Jinghan Wang, Chengyu Song, and Heng Yin, JIGSAW: Efficient and Scalable Path Constraints Fuzzing, in the 43rd IEEE Symposium on Security and Privacy, May 2022.
- [AsiaCCS'22] Wei Song, Xuezixiang Li, Sadia Afroz, Deepali Garg, Dmitry Kuznetsov, and Heng Yin, MAB-Malware: A Reinforcement Learning Framework for Blackbox Generation of Adversarial Malware, in the 17th ACM ASIA Conference on Computer and Communications Security, May 2022.
- [NDSS'22] Zhenxiao Qi, Yu Qu, and Heng Yin, LogicMem: Automatic Profile Generation for Binary-Only Memory Forensics via Logic Inference, in the Network an Distributed system Security symposium, February 2022.
- [CCS'21] Xuezixiang Li, Yu Qu, and Heng Yin, PalmTree: Learning an Assembly Language Model for Instruction Embedding, to appear in the ACM Confernece on Computer and Communications Security, November 2021.
- [USENIX Security'21] Yousra Aafer, Wei You, Yi Sun, Yu Shi, Xiangyu Zhang, and Heng Yin, Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, in the 30th USENIX Security Symposium, August 2021.
- [NDSS'21] Zhenxiao Qi, Qian Feng, Yueqiang Cheng, Mengjia Yan, Peng Li, Heng Yin, and Tao Wei, SpecTaint: Speculative Taint Analysis for Discovering Spectre Gadgets, in the Network and Distributed System Security Symposium, February 2021.
- [NDSS'21] Jinghan Wang, Chengyu Song, and Heng Yin, Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, in the Network and Distributed System Security Symposium, February 2021.
- [CCS'20] Lei Zhao, Yuncong Zhu, Jiang Ming, Yichen Zhang, Haotian Zhang, and Heng Yin, PatchScope: Memory Object Centric Patch Diffing, in the ACM Conference on Computer and Communications Security, November 2020.
- [SecureComm'20] Yu Jiang, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin, AOMDroid: Detecting Obfuscation Variants of Android Malware Using Transfer Learning, in the 16th EAI International Conference of Security and Privacy in Communication Networks, October 2020.
- [SACMAT'20] Deshun Dai, Ruixuan Li, Junwei Tang, Ali Davanian, and Heng Yin, Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android, in the 25th ACM Symposium on Access Control Models and Technologies, June 2020.
- [DSN'20] Qiang Guan, Xunchao Hu, Terence Grove, Bo Fang, Hailong Jiang, Heng Yin, and Nathan DeBardeleben, Chaser: An Enhanced Fault Injection Tool for Tracing Soft Errors in MPI Applications, in the 50th IEEE/IFIP International Conference on Dependable Systems and Networks, June 2020.
- [ASPLOS'20] Pan Zhang, Chengyu Song, Heng Yin, Deqing Zou, Elaine Shi and Hai Jin, KLOTSKI: Efficient Obfuscated Execution against Controlled-Channel Attacks, in International Conference on Architectural Support for Programming Languages and Operating Systems, March 2020.
- [NDSS'20] Yue Duan, Xuezixiang Li, Jinghan Wang, and Heng Yin, DeepBinDiff: Learning Program-Wide Code Representations for Binary Diffing, in the Network and Distributed System Security Symposium, Feburary 2020 (Acceptance rate: 17.4%).
- [SecureComm'19] Xunchao Hu, Brian Testa, and Heng Yin, ChaffyScript: Vulnerability-Agnostic Defense of JavaScript Exploits via Memory Perturbation, in the 15th EAI International Conference on Security and Privacy in Communication Networks, October 2019.
- [RAID'19] Jinghan Wang, Yue Duan, Wei Song, Heng Yin, and Chengyu Song, Be Sensitive and Collaborative: Analyzing Impact of Coverage Metrics in Greybox Fuzzing, in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, September 2019.
Best Paper Award
- [RAID'19] Ali Davanian, Zhenxiao Qi, Yu Qu, and Heng Yin, DECAF++: Elastic Whole-System Dynamic Taint Analysis, in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, September 2019.
- [RAID'19] Yue Duan, Lian Gao, Jie Hu, and Heng Yin, Automatic Generation of Non-intrusive Updates for Third-Party Libraries in Android Applications, in the 22nd International Symposium on Research in Attacks, Intrusions and Defenses, September 2019.
- [USENIX Security'19] Yaowen Zheng, Ali Davanian, Heng Yin, Chengyu Song, Hongsong Zhu, and Limin Sun, Firm-AFL: High-Throughput Greybox Fuzzing of IoT Firmware via Augmented Process Emulation, in the 28th USENIX Security Symposium, August 2019.
- [NDSS'19] Lei Zhao, Yue Duan, Heng Yin, and Jifeng Xuan. Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, in the Network and Distributed System Security Symposium, February 2019. (Acceptance rate: 17.4%)
- [CCS'18] Wei Song, Heng Yin, Chang Liu, and Dawn Song. DeepMem: Learning Graph Neural Network Models for Fast and Robust Memory Forensic Analysis, in the 25th ACM Conference on Computer and Communications Security, October 2018. (Acceptance rate: 16.6%)
- [PAM'18] Ahmad Darki, Chun-Yu Chuang, Michalis Faloutsos, Zhiyun Qian, and Heng Yin. RARE: A Systematic Augmented Router Emulation for Malware Analysis, in Passive and Active Measurement Conference 2018, March, 2018.
- [NDSS'18] Yue Duan, Mu Zhang, Abhishek Vasist Bhaskar, Heng Yin, Xiaorui Pan, Tongxin Li, Xueqiang Wang, and Xiaofeng Wang. Things You May Not Know About Android (Un)Packers: A Systematic Study based on Whole-System Emulation, in the Network and Distributed System Security Symposium, February 2018. (Acceptance rate: 16.1%)
- [NDSS'18] Shitong Zhu, Xunchao Hu, Zhiyun Qian, Zubair Shafiq, and Heng Yin. Measuring and Disrupting Anti-Adblockers Using Differential Execution Analysis, in the Network and Distributed System Security Symposium, February 2018. (Acceptance rate: 16.1%)
- [CCS'17] Xiaojun Xu, Chang Liu, Qian Feng, Heng Yin, Le Song and Dawn Song. Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection, in the 24th ACM Conference on Computer and Communications Security, October 2017. (Acceptance rate: 18.06%)
- [CCS'17] David Korczynski and Heng Yin. Capturing Malware Propagations with Code Injections and Code-Reuse Attacks, in the 24th ACM Conference on Computer and Communications Security, October 2017. (Acceptance rate: 18.06%)
- [SecureComm'17] Xunchao Hu, Yao Cheng, Yue Duan, Andrew Henderson and Heng Yin. JSForce: A Forced Execution Engine for Malicious JavaScript Detection, in the 13th EAI International Conference on Security and Privacy in Communication Networks, October 2017.
- [RAID'17] Andrew Henderson, Heng Yin, Guang Jin, Hao Han, and Hongmei Deng. VDF: Targeted Evolutionary Fuzz Testing of Virtual Devices, in the 20th International Symposium on Research on Attacks, Intrusions and Defenses, September 2017.
- [SEKE'17] Xudong He, Zhijiang Dong, Heng Yin and Yujian Fu. A Framework for Developing Cyber Physical Systems, appeared in the 29th International Conference on Software Engineering & Knowledge Engineering, July 2017. Best Paper Award
- [ASIACCS'17] Qian Feng, Minghua Wang, Mu Zhang, Rundong Zhou, Andrew Henderson, and Heng Yin. Extracting Conditional Formulas for Cross-Platform Bug Search, appeared in ACM Asia Conference on Computer and Communications Security, April 2017.
- [NDSS'17] Xiaorui Pan, Xueqiang Wang, Yue Duan, Xiaofeng Wang, and Heng Yin. Dark Hazard: Large-Scale Discovery of Unknown Hidden Sensitive Operations in Android Apps, appeared in the Network and Distributed System Security Symposium, February 2017. (Acceptance rate: 16.1%)
- [CCS'16] Qian Feng, Rundong Zhou, Chengcheng Xu, Yao Cheng, Brian Testa, and Heng Yin. Scalable Graph-based Bug Search for Firmware Images, in the 23rd ACM Conference on Computer and Communications Security, October 2016.
- [RAID'16] Xunchao Hu, Aravind Prakash, Jinghan Wang, Rundong Zhou, Yao Cheng, and Heng Yin. Semantics-Preserving Dissection of JavaScript Exploits via Dynamic JS-Binary Analysis, in the 19th Symposium on Research in Attacks, Intrusions and Defenses, September 2016.
- [ASIACCS'16] Qian Feng, Aravind Prakash, Minghua Wang, Curtis Carmony and Heng Yin. ORIGEN: Automatic Extraction of Offset-Revealing Instructions for Cross-Version Memory Analysis, In Proceedings of the 11th ACM Asia Conference on Computer and Communications Security, May 2016.
- [NDSS'16] Curtis Carmony, Mu Zhang, Xunchao Hu, Abhishek Vasisht Bhaskar, and Heng Yin, Extract Me If You Can: Abusing PDF Parsers in Malware Detectors, In Proceedings of Network and Distributed System Security Symposium, February 2016.
- [ACSAC'15] Aravind Prakash and Heng Yin. Defeating ROP Through Denial of Stack Pivot, In Proceedings of 2015 Annual Computer Security Applications Conference, December 2015.
- [ACSAC'15] Minghua Wang, Heng Yin, Abhishek Vasisht Bhaskar, Purui Su, and Dengguo Feng. Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries, In Proceedings of 2015 Annual Computer Security Applications Conference, December 2015.
- [CCS'15] Mu Zhang, Yue Duan, Qian Feng, and Heng Yin. Towards Automatic Generation of Security-Centric Descriptions for Android Apps, In Proceedings of the 22nd ACM Conference on Computer and Communications Security, November 2015.
- [HotCloud'15] Yue Duan, Mu Zhang, Heng Yin, and Yuzhe Tang, Privacy-Preserving Offloading of Mobile App to the Public Cloud, In The 7th USENIX Workshop on Hot Topics in Cloud Computing, Santa Clara, CA, July 2015.
- [NDSS'15] Aravind Prakash, Xunchao Hu, and Heng Yin, vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries, In Proceedings of ISOC Network and Distributed System Security Symposium, February 2015.
- [ACSAC'14] Qian Feng, Aravind Prakash, Heng Yin, and Zhiqiang Lin, MACE: High-Coverage and Robust Memory Analysis for Commodity Operating Systems, In Proceedings of Annual Computer Security Applications Conference, December 2014.
- [CCS'14] Mu Zhang, Yue Duan, Heng Yin, and Zhiruo Zhao. Semantics-Aware Android Malware Classification using Weighted Contextual API Dependency Graphs, In Proceedings of the 21st ACM Conference on Computer and Communications Security, November 2014.
- [CCS'14] Xing Jin, Xunchao Hu, Kailiang Ying, Wenliang Du, Heng Yin, and Gautam Nagesh Peri. Code Injection Attacks in HTML5-based Mobile Apps: Characterization, Detection and Mitigation, In Proceedings of the 21st ACM Conference on Computer and Communications Security, November 2014.
- [ISSTA'14] Andrew Henderson, Aravind Prakash, Lok Kwong Yan, Xunchao Hu, Xujiewen Wang, Rundong Zhou, and Heng Yin, Make It Work, Make It Right, Make It Fast: Building a Platform-Neutral Whole-System Dynamic Binary Analysis Platform, In Proceedings of International Symposium on Software Testing and Analysis, San Jose, CA, July 2014.
- [SERE'14] Xiaolei Li, Guangdong Bai, Benjamin Thian, Zhenkai Liang, and Heng Yin, A light-weight software environment for confining android malware, In Proceedings of the Eighth International Conference on Software Security and Reliability, Trustworthy Computing Workshop, July 2014.
- [ASIACCS'14] Mu Zhang and Heng Yin. Efficient, Context-Aware Privacy Leakage Confinement for Android Applications without Firmware Modding, In Proceedings of the 9th ACM Symposium on Information, Computer and Communication Security, Kyoto, Japan, June 2014.
- [NDSS'14] Mu Zhang and Heng Yin, AppSealer: Automatic generation of vulnerability-specific patches for preventing component hijacking attacks in Android applications, In Proceedings of the 21st Annual Network and Distributed System Security Symposium, February 2014.
- [SecureComm'13] Yousra Aafer, Wenliang Du, and Heng Yin, DroidAPIMiner: Mining API-Level features for robust malware detection in Android, In Proceedings of the 9th International Conference on Security and Privacy in Communication Networks, September 2013.
- [DSN'13] Aravind Prakash, Eknath Venkataramani, Heng Yin, and Zhiqiang Lin, Manipulating semantic values in kernel data structures: Attack assessments and implications, In Proceedings of the 43rd IEEE/IFIP International Conference on Dependable Systems and Networks, June 2013.
- [ICECCS'13] Xiaolei Li, Guangdong Bai, Zhenkai Liang, and Heng Yin, A Software Environment for Confining Malicious Android Applications via Resource Virtualization, In the 18th International Conference on Engineering of Complex Computer Systems, July 2013.
- [ASIACCS'13] Aravind Prakash, Heng Yin, and Zhenkai Liang, Enforcing system-wide control flow integrity for exploit detection and diagnosis, In Proceedings of the 8th ACM Symposium on Information, Computer and Communication Security, May 2013.
- [SOCC'12] Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin, OS-Sommelier: Memory-only operating system fingerprinting in the cloud, In Proceedings of the 3rd ACM Symposium on Cloud Computing, October 2012.
- [USENIX Security'12] Lok Kwong Yan and Heng Yin, DroidScope: Seamlessly Reconstructing the OS and Dalvik Semantic Views for Dynamic Android Malware Analysis, In Proceedings of the 21st USENIX Security Symposium, August 2012.
- [VEE'12] Lok Kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin, V2E: Combining hardware virtualization and software emulation for transparent and extensible malware analysis, In Proceedings of the Eighth Annual International Conference on Virtual Execution Environments, March 2012.
- [NDSS'12] Lok Kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin, Transparent and extensible malware analysis by combining hardware virtualization and software emulation, In Proceedings of the 19th Annual Network and Distributed System Security Symposium, Invited Paper, February 2012.
- [NDSS'12] Mingwei Zhang, Aravind Prakash, Xiaolei Li, Zhenkai Liang, and Heng Yin, Identifying and analysing pointer misuses for sophisticated memory-corruption exploit diagnosis, In Proceedings of the 19th Annual Network and Distributed System Security Symposium, February 2012.
- [ACSAC'11] Tongbo Luo, Hao Hao, Wenliang Du, Yifei Wang, and Heng Yin, Attacks on webview in the android system, In Proceedings of the 27th Annual Computer Security Application Conference, December 2011.
- [DIMVA'10] Heng Yin, Pongsin Poosankam, Steve Hanna, and Dawn Song, HookScout: Proactive binary-centric hook detection, In Proceedings of Seventh Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 2010.
- [VMSec'09] Min Gyung Kang, Heng Yin, Steve Hanna, Stephen McCamant, and Dawn Song. Emulating emulation-resistant malware, In Proceedings of the 2nd Workshop on Virtual Machine Security, November 2009.
- [ICISS'08] Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena. BitBlaze: A new approach to computer security via binary analysis, In Proceedings of the 4th International Conference on Information Systems Security, Hyderabad, India, December 2008.
- [NDSS'08] Heng Yin, Zhenkai Liang, and Dawn Song. HookFinder: Identifying and understanding malware hooking behaviors, In Proceedings of the 15th Annual Network and Distributed System Security Symposium, February 2008.
- [WORM'07] Min Gyung Kang, Pongsin Poosankam, and Heng Yin, Renovo: A hidden code extractor for packed executables, In Proceedings of the 5th ACM Workshop on Recurring Malcode, October 2007.
- [CCS'07] Heng Yin, Dawn Song, Egele Manuel, Christopher Kruegel, and Engin Kirda, Panorama: capturing system-wide information flow for malware detection and analysis, In Proceedings of the 14th ACM Conference on Computer and Communications Security, October 2007.
- [CCS'07] Juan Caballero, Heng Yin, Zhenkai Liang, and Dawn Song. Polyglot: Automatic extraction of protocol message format using dynamic binary analysis, In Proceedings of the 14th ACM Conference on Computer and Communications Security, October 2007.
- [ATC'07] Manual Egele, Christopher Kruegel, Engin Kirda, Heng Yin, and Dawn Song, Dynamic spyware analysis, In Proceedings of the 2007 Usenix Annual Conference, June 2007.
- [IWQoS'07] Heng Yin, Bo Sheng, Haining Wang, and Jianping Pan. Securing BGP through keychain-based signatures, In Proceedings of the 15th IEEE International Workshop on Quality of Service, June 2007.
- [CCS'06] Mengjun Xie, Heng Yin, and Haining Wang, An effective defense against spam laundering, In Proceedings of the 13th ACM Conference on Computer and Communication Security, October 2006.
- [USENIX Security'05] Heng Yin and Haining Wang, Building an application-aware IPsec policy, In Proceedings of the 14th USENIX Security Symposium, August 2005.
Journal Papers
- [TSE] Jianlei Chi, Yu Qu, Ting Liu, Qinghua Zheng, and Heng Yin, SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning, IEEE Transactions on Software Engineering, 2022.
- [INFSOF] Yu Qu, Jianlei Chi, and Heng Yin, Leveraging Developer Information For Efficient Effort-Aware Bug Prediction, Information and Software Technology, Volume 137, September 2021, 106605, 2021
- [EMSE] Yu Qu and Heng Yin, Evaluating Network Embedding Techniques' Performances in Software Bug Prediction, Empirical Software Engineering 26, no. 4, 2021.
- [TSE] Jia Yang, Cai Fu, Xiao-Yang Liu, Heng Yin, and Pan Zhou, Codee: A Tensor Embedding Scheme for Binary Code Search, to appear in IEEE Transactions on Software Engineering, 2021.
- [TDSC] Lei Zhao, Peng Cheng, Yue Duan, Heng Yin, and Jifeng Xuan, Probabilistic Path Prioritization for Hybrid Fuzzing, to appear in IEEE Transactions on Dependable and Secure Computing.
- [TSE] Andrew Henderson, Lok Kwong Yan, Xunchao Hu, Aravind Prakash, Heng Yin, and Stephen McCamant. DECAF: A Platform-Neutral Whole-System Dynamic Binary Analysis Platform, IEEE Transactions on Software Engineering, Vol 43, No. 2, February 2017.
- [TDSC] Aravind Prakash, Eknath Venkataramani, Heng Yin, and Zhiqiang Lin. On the Trustworthiness of Memory Analysis---An Empirical Study from the Perspective of Binary Execution, IEEE Transactions on Dependable and Secure Computing, Volume 12, Issue 5, September/October 2015.
- [TCC] Yufei Gu, Yangchun Fu, Aravind Prakash, Zhiqiang Lin, and Heng Yin. Multi-Aspect, Robust, and Memory Exclusive Guest OS Fingerprinting, IEEE Transactions on Cloud Computing, July 2014.
- [J-SAC] Heng Yin, Bo Sheng, Haining Wang, and Jianping Pan. Keychain-based Signatures for Securing BGP, IEEE Journal on Selected Areas in Communications, Internet Routing Scalability, October 2010.
- [TISSEC] Mengjun Xie, Heng Yin, and Haining Wang. Thwarting Email Spam Laundering, ACM Transactions on Information and System Security, December 2008.
- [TON] Heng Yin and Haining Wang. Building an Application-aware IPsec Policy System, IEEE/ACM Transactions on Networking, December 2007.
Books and Book Chapters
- Mu Zhang and Heng Yin. Android Application Security: A Context and Semantics-Aware Approach, SpringerBriefs in Computer Science, September 2016.
- Heng Yin and Dawn Song. Automatic Malware Analysis: An Emulator based Approach, SpringerBriefs in Computer Science, September 2012.
- David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. ``Botnet Detection'', chapter ``Automatically Identifying Trigger-based Behavior in Malware'', 2007.