Associate Professor at IIE, CAS
I am currently an associate professor at Institute of Information Engineering, Chinese Academy of Sciences (IIE, CAS). I received my Bachelor Degree in School of Computer Science, Shaanxi Normal University in 2016, and Ph.D. degree in SKLCS, Institute of Software, Chinese Academy of Sciences (ISCAS) in 2022. I also worked as a visiting researcher at the Cyber Security Lab in Nanyang Technological University (NTU) from 2021 to 2022.
- Software Security; Formal Languages and Automata Theory; Program Synthesis and Analysis
- [May 2022] Our paper "RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix" is accepted by USENIX Security 2022
- [Feb 2022] Our paper "Learning Disjunctive Multiplicity Expressions and Disjunctive Generalize Multiplicity Expressions from Both Positive and Negative Examples" is accepted by The Computer Journal 2022
- [Sep 2021] Our paper "SemMT: A Semantic-based Testing Approach for Machine Translation Systems" is accepted by TOSEM 2022. Congrats Jialun!
- [May 2021] Our paper "ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection" is accepted by USENIX Security 2021
- [Dec 2020] Our paper "TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair" is accepted by ICSE 2021
- [Jul 2020] Our paper "FlashRegex: Deducing Anti-ReDoS Regexes from Examples" is accepted by ASE 2020
- RegexScalpel: Regular Expression Denial of Service (ReDoS)
Defense by Localize-and-Fix
Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao:
The 31st USENIX Security Symposium (USENIX Security 2022), 10 - 12 Aug 2022, BOSTON, MA, USA
- SemMT: A Semantic-Based Testing Approach for Machine Translation Systems
Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen:
ACM Transactions on Software Engineering and Methodology (TOSEM 2022)
- ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung:
The 30th USENIX Security Symposium (USENIX Security 2021), 11 - 13 Aug 2021, Virtual
- TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung:
The 43rd International Conference on Software Engineering (ICSE 2021), 25 - 28 May 2021, Virtual (originally in Madrid, Spain)
- FlashRegex: Deducing Anti-ReDoS Regexes from Examples
Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao:
The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020), 21 - 25 Sep 2020, Melbourne, Australia
- FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and
Large-scale Schema Data
Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng:
The 36th IEEE International Conference on Data Engineering (ICDE 2020), 20 - 24 Apr 2020, Dallas, Texas
Awards & Honors
- National Scholarship, Ministry of Education of the People's Republic of China, 2015.
- National Scholarship, Ministry of Education of the People's Republic of China, 2018.
- CAS Presidential Scholarship (Excellence Award), Chinese Academy of Science (CAS), 2022.
- Excellence Award (7/1393), Third Big Data Competition, Baidu, Inc., 2017.
We have found hundreds of ReDoS vulnerabilities in pypi/npm/maven packages, such as Python source code, postcss, ua-parser-js, etc. So far, 50+ vulnerabilities have been validated and assigned CVEs by the community, including snyk.io (e.g., CVE-2021-23354, CVE-2020-28493), MITRE Corporation (e.g., CVE-2020-29651), and package authors (e.g., CVE-2021-21317).