Short Bio

I am an associate professor at Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS). My personal homepage can be found at https://people.ucas.edu.cn/~yetingli.

课题组长期招收硕士生、博士生和博士后，欢迎对软件与系统安全感兴趣的同学加入我们团队。

Research Interests

• Software Security; Program Analysis and Synthesis; Formal Languages and Automata Theory

Selected Publications

→ Full list

• A Survey of Protocol Fuzzing
  Xiaohan Zhang, Cen Zhang, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng,
  Yeting Li, Li Pan, Yang Liu, Robert Deng: ACM Computing Surveys (CSUR)
• Fuzzing for Stateful Protocol Implementations: Are We There Yet?
  Kunpeng Jian, Yanyan Zou, Yeting Li*, Jialun Cao, Menghao Li, Jian Sun, Jingyi Shi, Wei Huo:
  The 18th Theoretical Aspects of Software Engineering Conference (TASE 2024, CCF-C), 29 July - 1 August, 2024, Guiyang, China
• How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation
  Cen Zhang, Yaowen Zheng, Mingqiang Bai, Yeting Li, Wei Ma, Xiaofei Xie, Yuekang Li, Limin Sun, Yang Liu:
  The 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024, CCF-A), 16 - 20 September, 2024, Vienna, Austria
• Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
  Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo:
  The 46th International Conference on Software Engineering (ICSE 2024, CCF-A), 14 - 20 April 2024, Lisbon, Portugal 🏆ACM SIGSOFT Distinguished Paper Award
• Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems
  Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo:
  The 33rd USENIX Security Symposium (USENIX Security 2024, CCF-A), 14 - 16 August 2024, Philadelphia, PA, USA
• File Hijacking Vulnerability: The Elephant in the Room
  Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, Lian Li, Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo:
  The 31st Annual Network and Distributed System Security Symposium (NDSS 2024, CCF-A), 26 Feb - 1 March 2024, San Diego, California
• Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers
  Yi Liu, Yuekang Li, Gelei Deng, Felix Juefei-Xu, Yao Du, Cen Zhang, Chengwei Liu, Yeting Li, Lei Ma, Yang Liu:
  The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023, CCF-A), 11 - 15 Sep 2023, Kirchberg, Luxembourg
• ACETest: Automated Constraint Extraction for Testing Deep Learning Operators
  Jingyi Shi, Yang Xiao, Yuekang Li, Yeting Li, Dongsong Yu, Chendong Yu, Hui Su, Yufeng Chen, Wei Huo:
  The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023, CCF-A), 17 - 21 July 2023, Washington, United States
• Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
  Xinyi Wang, Cen Zhang, Yeting Li*, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo:
  The 44th IEEE Symposium on Security and Privacy (S&P 2023, CCF-A), 22 - 25 May 2023, San Francisco, CA
• RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix
  Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
  The 31st USENIX Security Symposium (USENIX Security 2022, CCF-A), 10 - 12 Aug 2022, BOSTON, MA, USA
• SemMT: A Semantic-Based Testing Approach for Machine Translation Systems
  Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen:
  ACM Transactions on Software Engineering and Methodology (TOSEM 2022, CCF-A)
• ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
  Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung:
  The 30th USENIX Security Symposium (USENIX Security 2021, CCF-A), 11 - 13 Aug 2021, Virtual
• TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
  Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung:
  The 43rd International Conference on Software Engineering (ICSE 2021, CCF-A), 25 - 28 May 2021, Virtual (originally in Madrid, Spain)
• FlashRegex: Deducing Anti-ReDoS Regexes from Examples
  Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao:
  The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020, CCF-A), 21 - 25 Sep 2020, Melbourne, Australia
• FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and Large-scale Schema Data
  Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng:
  The 36th IEEE International Conference on Data Engineering (ICDE 2020, CCF-A), 20 - 24 Apr 2020, Dallas, Texas

Awards & Honors

• National Scholarship, Ministry of Education of the People's Republic of China, 2015.

• National Scholarship, Ministry of Education of the People's Republic of China, 2018.

• CAS Presidential Scholarship (Excellence Award), Chinese Academy of Science (CAS), 2022.

• CAS Special Research Assistant (SRA) Program, Chinese Academy of Science (CAS), 2022.

Contests

• Excellence Award (7/1393), Third Big Data Competition, Baidu, Inc., 2017.

CVEs

We have found hundreds of ReDoS vulnerabilities in pypi/npm/maven packages, such as Python source code, postcss, ua-parser-js, etc. So far, 50+ vulnerabilities have been validated and assigned CVEs by the community, including snyk.io (e.g., CVE-2021-23354, CVE-2020-28493), MITRE Corporation (e.g., CVE-2020-29651), and package authors (e.g., CVE-2021-21317).

→ 50+ CVEs