Software & System Security

Yeting Li 李页霆

Associate Professor · Institute of Information Engineering, Chinese Academy of Sciences

I work at the intersection of software security, systems, and AI, with a focus on intelligent vulnerability discovery, automated exploit generation, program analysis, and real-world security evaluation.

Software Security · Program Analysis · AI for Security

Recent work appears in EuroSys 2026, NDSS 2026, TOSEM 2026, and USENIX Security 2025, with paper recognitions at ICSE 2024 and USENIX Security 2025.

Impact / Academic overview
43 Peer-reviewed papers
21 First/corresponding-author papers
300+ Reported CVEs and security findings
Top-tier: S&P, USENIX Security, NDSS, EuroSys, ICSE, ASE, ISSTA

Selected recognitions include the ICSE 2024 ACM SIGSOFT Distinguished Paper Award and the USENIX Security 2025 Distinguished Paper Honorable Mention.

About

Biography

A brief academic biography and research overview.

Yeting Li is an Associate Professor at the Institute of Information Engineering, Chinese Academy of Sciences. His research centers on software and system security, especially intelligent vulnerability discovery, automated exploitation, program analysis, fuzzing, and security evaluation. He has published 43 peer-reviewed papers in venues including IEEE S&P, USENIX Security, NDSS, EuroSys, ICSE, ASE, and ISSTA, with 21 papers as first author or corresponding author.

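Yeting Li (李页霆) is an Associate Professor at the Institute of Information Engineering, Chinese Academy of Sciences, and has long worked on software and system security research, focusing on intelligent vulnerability discovery, automated exploit generation, program analysis, fuzzing, and security evaluation. He has published 43 peer-reviewed papers in leading international conferences and journals including IEEE S&P, USENIX Security, NDSS, EuroSys, ICSE, ASE, and ISSTA, 21 of them as first author or corresponding author.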

Research

My work connects theory, systems, and real offensive/defensive needs, with an emphasis on usable automation, rigorous evaluation, and vulnerabilities that matter in practice.

01 / Discovery

Vulnerability Discovery

Finding real vulnerabilities in web applications, binaries, firmware, and open-source ecosystems through AI-assisted reasoning, analysis, and testing.

02 / Exploitation

Automated Exploit Generation

Connecting vulnerability detection, exploit construction, constraint solving, and validation into practical end-to-end security workflows.

03 / Analysis

Program Analysis & Fuzzing

Designing static and dynamic analysis techniques for complex software stacks, protocol implementations, and security-critical system components.

04 / Systems

Firmware, Systems, and LLM Security

Studying low-level systems and exploring how large language models can support code understanding, security testing, and inconsistency discovery.

Publications

Selected publications

Representative papers selected from recent years. The complete publication list remains available on a dedicated page.

43 Peer-reviewed papers listed in reverse chronological order
21 First-author or corresponding-author publications
300+ Reported CVEs and vulnerability findings
2 Recent distinguished paper recognitions

Representative papers by year

2026

  • iDetector: Unraveling and Automating the Detection of Modern Java Web Injection Vulnerabilities
    Xingchen Chen, Yeting Li, Ze Jin, Yaokang Tan, Xianglong Li, Baizhu Wang, Mengjun Zhang, Qixu Liu
    ACM Transactions on Software Engineering and Methodology (TOSEM 2026, CCF-A)
    Automating the detection of modern Java web injection vulnerabilities.
  • QLAuto: A Static Application Security Testing Approach Based on Intelligent Extraction of Vulnerability Patterns
    Yuhang Zhang, He Su, Feng Li, Yifan Hu, Wenbo Hu, Yeting Li, Aihua Piao, Wei Huo
    Journal of Cyber Security (信息安全学报; in Chinese, CCF T2)
    Original Chinese citation: 张宇航, 苏赫, 李丰, 胡一凡, 胡文泊, 李页霆, 朴爱花, 霍玮. QLAuto:基于漏洞模式智能提炼的静态应用安全测试方法[J]. 信息安全学报.
    Static application security testing driven by intelligent extraction of vulnerability patterns.
  • Themis: Bridging Documentation and Code to Uncover Access Control Vulnerabilities in GitLab
    Yujie Sun, Huina Chao, Yeting Li*, Xinyi Wang, Yiming Liu, Jialun Cao, Qin Mai, Hengyu Yang, Feng Li, Wei Huo, Baoxu Liu
    2026 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP 2026, CCF-B)
    LLM-assisted consistency checking between documentation-derived permissions and code-level enforcement for GitLab access control vulnerabilities.

2025

  • VULCANBOOST: Boosting ReDoS Fixes through Symbolic Representation and Feature Normalization
    Yeting Li, Yecheng Sun, Zhiwu Xu, Haiming Chen, Xinyi Wang, Hengyu Yang, Huina Chao, Cen Zhang, Yang Xiao, Yanyan Zou, Feng Li, Wei Huo
    The 34th USENIX Security Symposium (USENIX Security 2025, CCF-A) · Distinguished Paper Honorable Mention
    Highlighted work on ReDoS repair through symbolic representation and feature normalization.

2024

  • Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
    Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo
    The 46th International Conference on Software Engineering (ICSE 2024, CCF-A) · ACM SIGSOFT Distinguished Paper Award
    Semantic-enhanced static vulnerability detection for baseband firmware.

Openings

We welcome master's students, PhD students, postdoctoral researchers, and research interns interested in software and system security.

Typical interests include program analysis, fuzzing, binary analysis, firmware security, compiler/runtime systems, and LLM-based security.

  • Curiosity, rigor, and strong engineering taste are especially valued.
  • Projects are grounded in real security problems with both academic and practical impact.

Please email your CV, transcript, representative projects, and a short note about your research interests to liyeting (at) iie (dot) ac (dot) cn.

Service

Professional services

I contribute to the software security and software engineering communities as a reviewer, program committee member, and journal referee.

Recent conferences

  • USENIX Security Symposium (USENIX Security) 2024
  • Theoretical Aspects of Software Engineering (TASE) 2024 / 2026
  • LLM4Sec Workshop @ IEEE ICDM 2025

Selected journals

  • IEEE Transactions on Dependable and Secure Computing (TDSC)
  • IEEE Transactions on Mobile Computing (TMC)
  • ACM Transactions on Software Engineering and Methodology (TOSEM)
  • Computers & Security
  • Science of Computer Programming (SCP)
  • Journal of Computer Science and Technology (JCST)
  • Chinese Journal of Computers (《计算机学报》)
  • Journal of Computer Research and Development (《计算机研究与发展》)

Recognition

Awards and honors

Selected recognitions across research, scholarships, and competitive systems work.

ICSE 2024

ACM SIGSOFT Distinguished Paper Award

USENIX Security 2025

Distinguished Paper Honorable Mention

Chinese Academy of Sciences

Presidential Scholarship (Excellence Award), 2022 · Special Research Assistant Program, 2022

National & Competition Awards

National Scholarship, 2015 and 2018 · Baidu Third Big Data Competition Excellence Award (7/1393), 2017

Last Updated: 05/24/2026