Yeting Li

Associate Professor at IIE, CAS

Short Bio

I am currently an associate professor at Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS). I received my Bachelor Degree in School of Computer Science, Shaanxi Normal University in 2016, and Ph.D. degree in SKLCS, Institute of Software, Chinese Academy of Sciences (ISCAS) in 2022. I also worked as a visiting researcher at the Cyber Security Lab in Nanyang Technological University (NTU) from 2021 to 2022.

Research Interests

  • Software Security; Formal Languages and Automata Theory; Program Synthesis and Analysis

News

  • [May 2022] Our paper "RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix" is accepted by USENIX Security 2022
  • [Feb 2022] Our paper "Learning Disjunctive Multiplicity Expressions and Disjunctive Generalize Multiplicity Expressions from Both Positive and Negative Examples" is accepted by The Computer Journal 2022
  • [Sep 2021] Our paper "SemMT: A Semantic-based Testing Approach for Machine Translation Systems" is accepted by TOSEM 2022. Congrats Jialun!
  • [May 2021] Our paper "ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection" is accepted by USENIX Security 2021
  • [Dec 2020] Our paper "TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair" is accepted by ICSE 2021
  • [Jul 2020] Our paper "FlashRegex: Deducing Anti-ReDoS Regexes from Examples" is accepted by ASE 2020

Selected Publications

→ Full list

  • RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix
    Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
    The 31st USENIX Security Symposium (USENIX Security 2022), 10 - 12 Aug 2022, BOSTON, MA, USA
  • SemMT: A Semantic-Based Testing Approach for Machine Translation Systems
    Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen:
    ACM Transactions on Software Engineering and Methodology (TOSEM 2022)
  • ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
    Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung:
    The 30th USENIX Security Symposium (USENIX Security 2021), 11 - 13 Aug 2021, Virtual
  • TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
    Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung:
    The 43rd International Conference on Software Engineering (ICSE 2021), 25 - 28 May 2021, Virtual (originally in Madrid, Spain)
  • FlashRegex: Deducing Anti-ReDoS Regexes from Examples
    Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao:
    The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020), 21 - 25 Sep 2020, Melbourne, Australia
  • FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and Large-scale Schema Data
    Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng:
    The 36th IEEE International Conference on Data Engineering (ICDE 2020), 20 - 24 Apr 2020, Dallas, Texas

Awards & Honors

  • National Scholarship, Ministry of Education of the People's Republic of China, 2015.
  • National Scholarship, Ministry of Education of the People's Republic of China, 2018.
  • CAS Presidential Scholarship (Excellence Award), Chinese Academy of Science (CAS), 2022.

Contests

  • Excellence Award (7/1393), Third Big Data Competition, Baidu, Inc., 2017.

CVEs

We have found hundreds of ReDoS vulnerabilities in pypi/npm/maven packages, such as Python source code, postcss, ua-parser-js, etc. So far, 50+ vulnerabilities have been validated and assigned CVEs by the community, including snyk.io (e.g., CVE-2021-23354, CVE-2020-28493), MITRE Corporation (e.g., CVE-2020-29651), and package authors (e.g., CVE-2021-21317).

→ 50+ CVEs

Last Updated: 07/28/2022, 04:00:00 PM