I obtained my B.E. degree of Information Security from Harbin Institute of Technology (HIT) in 2012. And during college, I was exchanged to Feng Chia University (Taiwan) in 2010.
I obtained my Ph.D. degree of Computer Applications Technology from the TCA lab at Institute of Software Chinese Academy of Sciences (ISCAS) in 2012-2018,
was co-advised by Professor Purui Su and Professor Dengguo Feng . After, I worked as a Postdoc at the Software Systems Security lab headed by Professor Dinghao Wu in The Pennsylvania State University (PSU) in 2018-2019.
My research interests focus on software engineering and software security, including program analysis, vulnerability analysis and malware detection. I am now working on several projects including:
- Dynamic program analysis
- Vulnerability discovery based on fuzzing
- Patch analysis and software supply chain security
📝 Publications
-
AirTaint: Making Dynamic Taint Analysis Faster and Easier.
Qian Sang, Yanhao Wang, Yuwei Liu, Xiangkun Jia*, Tiffany Bao, Purui Su
The 45th IEEE Symposium on Security and Privacy (S&P 2024, CCF-A) -
AFGen: Whole-Function Fuzzing for Applications and Libraries.
Yuwei Liu, Yanhao Wang, Xiangkun Jia, Zheng Zhang, Purui Su
The 45th IEEE Symposium on Security and Privacy (S&P 2024, CCF-A) -
LGBRoot: Local Graph-Based Automated Vulnerability Root Causes Analysis.📃
Yuanping Yu, Purui Su, Huafeng Huang, Xiangkun Jia
Journal of Software. (CCF-T1, in Chinese) -
A fine-grained assessment method of vulnerability impact scope for PyPI ecosystem.
Zibo Wang, Xiangkun Jia*, Lingyun Ying, Purui Su
Journal of Software. (CCF-T1, in Chinese) -
Research Progress and Trends in Software Supply Chain Security.📂Online
Xiangkun Jia, Yuan Zhang, Jia Yan, Purui Su, Min Yang, Dengguo Feng
2021-2022 China Computer Science and Technology Development Report. (in Chinese)
-
Understanding and Mitigating Label Bias in Malware Classification: An Empirical Study.
Jia Yan, Xiangkun Jia*, Lingyun Ying, Jia Yan, Purui Su
The 22nd IEEE International Conference on Software Quality, Reliability and Security (QRS 2022, CCF-C) -
DitDetector: Bimodal Learning based on Deceptive Image and Text for Macro Malware Detection.
Jia Yan, Ming Wan, Xiangkun Jia, Lingyun Ying, Purui Su, Zhanyi Wang
The Annual Computer Security Applications Conference (ACSAC 2022, CCF-B) -
HTFuzz: Heap Operation Sequence Sensitive Fuzzing.📂Code
Yuanping Yu, Xiangkun Jia*, Yuwei Liu, Yanhao Wang, Qian Sang, Chao Zhang, Purui Su
The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2022, CCF-A) -
Automatic exploitation generation method of write-what-where vulnerability.
Huafeng Huang, Purui Su, Yi Yang, Xiangkun Jia
Journal on Communications. Vol. 43 No. 1, 2022. (CCF-T1, in Chinese)
- InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing.📂Code
Yuwei Liu, Yanhao Wang, Purui Su, Yuanping Yu, Xiangkun Jia*
The 37th IEEE/ACM International Conference on Automated Software Engineering (ASE 2021, CCF-A)
- Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization.📂Code
Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, Purui Su
The Network and Distributed System Security Symposium (NDSS 2020, CCF-A)
-
Towards Efficient Heap Overflow Discovery.
Xiangkun Jia, Chao Zhang, Purui Su, Yi Yang, Huafeng Huang, Dengguo Feng
Proceedings of the 26th USENIX Security Symposium (Security 2017, CCF-A) -
Automatically assessing crashes from heap overflows.
Liang He, Yan Cai, Hong Hu, Purui Su, Zhenkai Liang, Yi Yang, Huafeng Huang, Jia Yan, Xiangkun Jia, Dengguo Feng
The 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2017, CCF-A) -
Safety analysis and evaluation of security protocol implementation.
Xiangkun Jia, Jia Yan, Purui Su
Bulletin of Chinese Association for Cryptologic Research. Issue 6, 2014. (in Chinese)
🏆 Honors and Awards
- Supported by Youth Innovation Promotion Association CAS
- Supported by Outstanding Science and Technology Talent Program of ISCAS
- The First Prize of “ZongHengBei” RHG AUTOPWN
- The Third Prize of BCTF AUTOPWN (20200807), founded by Baidu
- Internet security scholarship of CHINA Internet Development Foundation in 2017
- National Scholarship in 2017
- Excellent graduate of Heilongjiang Province in China in 2012
💻 Professional Activities
- PC for Conferences including FC 2025, AsiaCCS 2025, USENIX Security 2024, CCS 2024, ASE 2024, SANER 2024
- Sub-reviewer/Student PC for Conferences including SecureComm’2023, ACNS’2023, AsiaCCS’2021, ICICS’2021, ICICS’2020, CCS’2019, CNS’2019, S&P 2018, CSET’17, RAID’17, VARA’17, CODASPY’16
- Sub-reviewer for Journals including IEEE Transactions on Network and Service Management, Transactions on Software Engineering, Chinese Journal of Computers, Journal of Software, Chinese Journal of Electronics