Selected Publications
| TMC 2024 |
"Turning Noises to Fingerprint-Free 'Credentials': Secure and Usable Drone Authentication." Chuxiong Wu, and Qiang Zeng. IEEE Transactions on Mobile Computing (TMC), 2024. >> [PDF] |
| Security 2023 |
"Can a Deep Learning Model for One Architecture Be Used for Others? Retargeted-Architecture Binary Code Analysis." Junzhe Wang, Matthew Sharp, Chuxiong Wu, Qiang Zeng, and Lannan Luo. The 32nd USENIX Security Symposium (USENIX Security), 2023. >> [PDF] |
| Security 2023 |
"Detecting and Handling IoT Interaction Threats in Multi-Platform Multi-Control-Channel Smart Homes." Haotian Chi, Qiang Zeng, and Xiaojiang Du. The 32nd USENIX Security Symposium (USENIX Security), 2023. >> [PDF] |
| MobiSys 2023 |
"No More Companion Apps Hacking but One Dongle: Hub-Based Blackbox Fuzzing of IoT Firmware." Xiaoyue Ma, Qiang Zeng, Haotian Chi, and Lannan Luo. The 21st ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2023. >> [PDF] |
| UbiComp 2022 |
"`Use It—No Need to Shake It!' Accurate Implicit Authentication for Everyday Objects with Smart Sensing." Chuxiong Wu, Xiaopeng Li, Fei Zuo, Lannan Luo, Xiaojiang Du, Jia Di, and Qiang Zeng. Interactive, Mobile, Wearable and Ubiquitous Technologies, Issue 3, Vol. 5 (UbiComp), 2022. >> [PDF] |
| MobiCom 2022 |
"Authentication for Drone Delivery Through a Novel Way of Using Face Biometrics." Jonathan Sharp, Chuxiong Wu, and Qiang Zeng. The 28th Annual International Conference On Mobile Computing And Networking (MobiCom), 2022. >> [PDF] |
| MobiSys 2022 |
"G2Auth: Secure Mutual Authentication for Drone Delivery Without Special User-Side Hardware." Chuxiong Wu, Xiaopeng Li, Lannan Luo, and Qiang Zeng. The 20th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), 2022. >> [PDF] |
| Oakland 2022 |
"Delay Wreaks Havoc on Your Smart Home: Delay-based Automation Interference Attacks." Haotian Chi, Chenglong Fu, Qiang Zeng, and Xiaojiang Du. The 43rd IEEE Symposium on Security and Privacy (Oakland), 2022. >> [PDF] |
| TDSC 2022 |
"Easy Peasy: A New Handy Method for Pairing Multiple COTS IoT Devices." Heng Ye, Qiang Zeng, Jiqiang Liu, Xiaojiang Du, Wei Wang Transactions on Dependable and Secure Computing, 2022. >> [PDF] |
| DSN 2022 |
"IoT Phantom-Delay Attacks: Demystifying and Exploiting IoT Timeout Behaviors." Chenglong Fu, Qiang Zeng, Haotian Chi, Xiaojiang Du, and Siva Likitha Valluru. The 52nd IEEE/IFIP International Conference on Dependable Systems and Networks, 2022. >> [PDF] (First submitted to Oakland'21 on 12/4/2020 but got rejected. This version clarified the ``Threat Model''.) |
| NDSS 2021 |
"PFirewall: Semantics-Aware Customizable Data Flow Control for Smart Home Privacy Protection." Haotian Chi, Qiang Zeng, Xiaojiang Du, and Lannan Luo. The 28th Annual Network and Distributed System Security Symposium (NDSS), 2021. >> [PDF] (First submitted to USENIX Sec'19 in 11/2018 but got rejected; posted on arXiv in 10/2019) |
| Security 2021 |
"HAWatcher: Semantics-Aware Anomaly Detection for Appified Smart Homes." Chenglong Fu, Qiang Zeng, and Xiaojiang Du. The 30th USENIX Security Symposium (USENIX Security), 2021. >> [PDF] (First submitted: 8/23/19; Major Revision submitted: 6/19/20; Accepted: 9/30/20) |
| ACSAC 2021 |
"Westworld: Fuzzing-Assisted Remote Dynamic Symbolic Execution of Smart Apps on IoT Cloud Platforms." Lannan Luo, Qiang Zeng, Bokai Yang, Fei Zuo, and Junzhe Wang. Annual Computer Security Applications Conference (ACSAC) , 2021. >> [PDF] |
| RAID 2021 |
"SniffMislead: Non-Intrusive Privacy Protection Against Wireless Packet Sniffers in Smart Homes." Xuanyu Liu, Qiang Zeng, Xiaojiang Du, Siva Likitha Valluru, Chenglong Fu, Xiao Fu, and Bin Luo. The 24th International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2021. >> [PDF] |
| AsiaCCS 2021 |
"Exploiting the Sensitivity of L2 Adversarial Examples to Erase-and-Restore." Fei Zuo and Qiang Zeng. ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021. >> [PDF] [Code, datasets, and models] |
| CCS 2020 |
"T2Pair: Secure and Usable Pairing for Heterogeneous IoT Devices." Xiaopeng Li, Qiang Zeng*, Lannan Luo, and Tongbo Luo ('*' Corresponding Author). The 27th ACM Conference on Computer and Communications Security (CCS), 2020. >> [PDF] [Slides] |
| ACSAC 2020 |
"Attacking Graph-Based Classification without Changing Existing Connections." Xuening Xu, Xiaojiang Du, and Qiang Zeng. Annual Computer Security Applications Conference (ACSAC), 2020. >> [PDF] |
| DSN 2020 |
"Cross-App Interference Threats in Smart Homes: Categorization, Detection and Handling." Haotian Chi, Qiang Zeng, Xiaojiang Du, and Jiaping Yu. The 50th IEEE/IFIP International Conference on Dependable Systems and Networks, 2020. (Posted on arXiv in August 2018). >> [PDF] [arXiv-2018] [Slides] |
| TDSC 2019 |
"Resilient User-Side Android Application Repackaging and Tampering Detection Using Cryptographically Obfuscated Logic Bombs." Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, Zhoujun Li, Chin-Tser Huang, Csilla Farkas. Transactions on Dependable and Secure Computing, 2019. >> [PDF] |
| TMC 2019 |
"Tainting-Assisted and Context-Migrated Symbolic Execution of Android Framework for Vulnerability Discovery and Exploit Generation." Lannan Luo, Qiang Zeng*, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, and Peng Liu. ('*' Corresponding Author) IEEE Transactions on Mobile Computing (TMC), 2019. >> [PDF] [Code] |
| NDSS 2019 |
"Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs." Fei Zuo, Xiaopeng Li, Patrick Young, Lannan Luo, Qiang Zeng, and Zhexin Zhang. NDSS, 2019. >> [PDF] [Slides] [Code, datasets, and models] (Previously, the paper was submitted to NDSS 2018 in August 2017 and S&P 2019 in May 2018, and finally got accepted to NDSS 2019 after significant improvement. However, the main NMT-inspired idea remains the same. Here is our NDSS 2018 submission page.) |
| MobiCom 2019 |
"Touch Well Before Use: Intuitive and Secure Authentication for IoT Devices." Xiaopeng Li, Fengyao Yan, Fei Zuo, Qiang Zeng, and Lannan Luo. The 25th Annual International Conference on Mobile Computing and Networking, 2019. >> [PDF] |
| RAID 2019 |
"Exploiting the Inherent Limitation of L0 Adversarial Examples." Fei Zuo, Bokai Yang, Xiaopeng Li, Lannan Luo, and Qiang Zeng. The 22nd International Symposium on Research in Attacks, Intrusions and Defenses, 2019. >> [PDF] [Slides] [Code, datasets, and models] |
| DSN 2019 |
"A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples." Qiang Zeng, Jianhai Su, Chenglong Fu, Golam Kayas, Lannan Luo, Xiaojiang Du, Chiu C. Tan, and Jie Wu. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, 2019. >> [PDF] [Slides] [Code, datasets, and models] |
| DSN 2019 |
"HeapTherapy+: Efficient Handling of (Almost) All Heap Vulnerabilities Using Targeted Calling-Context Encoding." Qiang Zeng, Golam Kayas, Emil Mohammed, Lannan Luo, Xiaojiang Du, and Junghwan Rhee. The 49th IEEE/IFIP International Conference on Dependable Systems and Networks, 2019. >> [PDF] [Slides] |
| CGO 2018 |
"Resilient Decentralized Android Application Repackaging Detection Using Logic Bombs." Qiang Zeng, Lannan Luo, Zhiyun Qian, Xiaojiang Du, and Zhoujun Li. International Symposium on Code Generation and Optimization, 2018. >> [PDF] [Slides] (An earlier version of this paper was submitted to ESORICS'16 on 5/2/16, but got rejected. It was accepted to CGO'18 on 11/1/17.) |
| MobiSys 2017 |
"System Service Call-oriented Symbolic Execution of Android
Framework with Applications to Vulnerability Discovery and
Exploit Generation." Lannan Luo*, Qiang Zeng*, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, and Peng Liu. ( '*' Co-first authors) The 15th ACM International Conference on Mobile Systems, Applications, and Services, 2017. >> [PDF] [Slides] [Code] |
|
ICSE-SEET 2016 |
"SolMiner: Mining Distinct Solutions in Programs." Lannan Luo and Qiang Zeng. The 38th International Conference on Software Engineering, SEET track, 2016. >> [PDF] |
| DSN 2015 |
"HeapTherapy: An Efficient End-to-end Solution against Heap Buffer Overflows." Qiang Zeng*, Mingyi Zhao*, and Peng Liu. ( '*' Co-first authors) The 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2015. >> [PDF] |
| DSN 2015 |
"Risk Assessment of Buffer 'Heartbleed' Over-read Vulnerabilities." (Practical Experience Report) Jun Wang, Mingyi Zhao, Qiang Zeng, Dinghao Wu, and Peng Liu. The 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2015. >> [PDF] |
| TKDE 2014 |
"Enforcement of Autonomous Authorizations in Collaborative Distributed Query Evaluation." Qiang Zeng, Mingyi Zhao, Peng Liu, Poonam Yadav, Seraphin Calo, and Jorge Lobo. IEEE Transactions on Knowledge and Data Engineering (TKDE), 2014. >> [PDF] |
| CGO 2014 |
"DeltaPath: Precise and Scalable Calling Context Encoding." Qiang Zeng, Junghwan Rhee, Hui Zhang, Nipun Arora, Guofei Jiang, and Peng Liu. International Symposium on Code Generation and Optimization (CGO), 2014. >> [PDF] [Slides] |
| NDSS 2012 |
"Kruiser: Semi-synchronized Non-blocking Concurrent Kernel Heap Buffer Overflow Monitoring." Donghai Tian, Qiang Zeng, Dinghao Wu, Peng Liu, and Changzhen Hu. The 19th Annual Network and Distributed System Security Symposium (NDSS), 2012. >> [PDF] [Slides] |
| PLDI 2011 |
"Cruiser: Concurrent Heap Buffer Overflow Monitoring Using Lock-free Data Structures." Qiang Zeng, Dinghao Wu, and Peng Liu. The 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), 2011. >> [PDF] [Slides] [Code] |
Other Publications
| TCC 2020 |
"Semi-synchronized Non-blocking Concurrent Kernel Cruising." Donghai Tian, Qiang Zeng, Dinghao Wu, Peng Liu, and Changzhen Hu. Transactions on Cloud Computing, 2020. >> [PDF] |
| IEEE Access 2019 |
"Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study." Rixin Xu, Qiang Zeng*, Liehuang Zhu, Haotian Chi, Xiaojiang Du, and Mohsen Guizani. ('*' Corresponding Author) IEEE Access, 2019. >> [PDF] |
|
AAAI-AICS 2019 |
"A Multiversion Programming Inspired Approach to Detecting Audio Adversarial Examples" Qiang Zeng, Jianhai Su, Chenglong Fu, Golam Kayas, and Lannan Luo. The AAAI Workshop on Artificial Intelligence for Cyber Security, 2019. >> [PDF] [Slides] |
|
NDSS-BAR 2019 |
"A Cross-Architecture Instruction Embedding Model for Natural Language Processing-Inspired Binary Code Analysis" Kimberly Redmond, Lannan Luo, and Qiang Zeng. NDSS Workshop on Binary Analysis Research, 2019. >> [PDF] |
| IPCCC 2018 |
"Privacy Leakage in Smart Homes and Its Mitigation: IFTTT as a Case Study." Rixin Xu, Qiang Zeng, Liehuang Zhu, Haotian Chi, Xiaojiang Du, and Mohsen Guizani. In IEEE 37th International Performance Computing and Communications Conference (IPCCC), 2018. >> [PDF] |
| arXiv 2018 |
"Countermeasures Against L0 Adversarial Examples Using Image Processing and Siamese Networks" Fei Zuo, Lannan Luo, and Qiang Zeng. arXiv, 2018. >> [PDF] |
| CNS 2018 |
"e-SAFE: Secure, Efficient and Forensics-Enabled Access to Implantable Medical Devices." Haotian Chi, Longfei Wu, Xiaojiang Du, Qiang Zeng, and Paul Ratazzi. IEEE Conference on Communications and Network Security, 2018. >> [PDF] |
| ICICS 2017 |
"Deobfuscation of Virtualization-obfuscated Code through Symbolic Execution and Compilation Optimization." Mingyue Liang, Zhoujun Li, Qiang Zeng, and Zhejun Fang. The 19th International Conference on Information and Communications Security, 2017. >> [PDF] |
| Usenix Security 2017 |
"Deobfuscation of Virtualization-based Obfuscated Binary." Mingyue Liang, Zhoujun Li, Qiang Zeng, and Zhejun Fang. The 26th USENIX Security Symposium (Poster Session), 2017. |
| Tech Report 2017 |
"On the Robustness of Stochastic Stealthy Network Against Android App Repackaging." Ravshanbek Norboev, Zakia Hossain, Lannan Luo, and Qiang Zeng Technical Report, 2017. >> [PDF] |
| Tech Report 2014 |
"Tailored Application-specific System Call Tables." Qiang Zeng, Zhi Xin, Dinghao Wu, Peng Liu, and Bing Mao. Technical Report, 2014. >> [PDF] |
| Oakland 2014 |
"Targeted Therapy for Program Bugs." Qiang Zeng, Mingyi Zhao, and Peng Liu. The 35th IEEE Symposium on Security and Privacy (Poster Session), 2014. >> [PDF] |
| Book Chapter 2013 |
"Software Cruising: A New Technology for Building Concurrent Software Monitor." Dinghao Wu, Peng Liu, Qiang Zeng, and Donghai Tian. Invited paper, Secure Cloud Computing, Advances in Information Security Series, Springer, 2013. |
| ACITA 2012 |
"Safe Query Processing for Pairwise Authorizations in Coalition Networks." Qiang Zeng, Jorge Lobo, Peng Liu, Seraphin Calo, and Poonam Yadav. The 6th Annual Conference of International Technology Alliance (ACITA), 2012. >> [PDF] [Slides] |