Yeting Li

Publications / 发表论文

Peer-reviewed publications in software and system security, vulnerability discovery, fuzzing, program analysis, ReDoS defense, and software engineering.

Google Scholar DBLP Homepage Publications Prospective Students

2026

  • Themis: Bridging Documentation and Code to Uncover Access Control Vulnerabilities in GitLab
    Yujie Sun, Huina Chao, Yeting Li*, Xinyi Wang, Yiming Liu, Jialun Cao, Qin Mai, Hengyu Yang, Feng Li, Wei Huo, Baoxu Liu: 2026 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP 2026, CCF-B)
    LLM-assisted consistency checking between documentation-derived permissions and code-level enforcement for GitLab access control vulnerabilities.
  • LifeFuzz: Lifecycle-Guided Fuzzing for Windows Driver Cross-Handler Vulnerabilities
    Chendong Yu, Yuekang Li, Yang Xiao, Jie Lu, Yeting Li, Defang Bo, Wei Huo: The 21st ACM European Conference on Computer Systems (EuroSys 2026, CCF-A)
    Lifecycle-guided Windows driver fuzzing for cross-handler vulnerabilities.
  • User-Space Dependency-Aware Rehosting for Linux-Based Firmware Binaries
    Chuan Qin, Cen Zhang, Yaowen Zheng, Puzhuo Liu, Jian Zhang, Yeting Li, Weidong Zhang, Yang Liu, Limin Sun: The 33rd Network and Distributed System Security Symposium (NDSS 2026, CCF-A)
    Dependency-aware firmware rehosting for scalable dynamic analysis.
  • Through the Authentication Maze: Detecting Authentication Bypass Vulnerabilities in Firmware Binaries
    Nanyu Zhong, Yuekang Li, Yanyan Zou, Jiaxu Zhao, Jinwei Dong, Yang Xiao, Bingwei Peng, Yeting Li, Wei Wang, Wei Huo: The 33rd Network and Distributed System Security Symposium (NDSS 2026, CCF-A)
    Dynamic firmware analysis for authentication bypass vulnerabilities.

2025

  • VULCANBOOST: Boosting ReDoS Fixes through Symbolic Representation and Feature Normalization
    Yeting Li, Yecheng Sun, Zhiwu Xu, Haiming Chen, Xinyi Wang, Hengyu Yang, Huina Chao, Cen Zhang, Yang Xiao, Yanyan Zou, Feng Li, Wei Huo: The 34th USENIX Security Symposium (USENIX Security 2025, CCF-A) AwardDistinguished Paper Honorable Mention, 6% of accepted papers
    Highlighted work on ReDoS repair through symbolic representation and feature normalization.
  • ZIPPER: Static Taint Analysis for PHP Applications with Precision and Efficiency
    Xinyi Wang, Yeting Li*, Jie Lu, Shizhe Cui, Chenghang Shi, Qin Mai, Yunpei Zhang, Yang Xiao, Feng Li, Wei Huo: The 34th USENIX Security Symposium (USENIX Security 2025, CCF-A)
    Precise and efficient static taint analysis for PHP web applications.
  • From Constraints to Cracks: Constraint Semantic Inconsistencies as Vulnerability Beacons for Embedded Systems
    Jiaxu Zhao, Yuekang Li, Yanyan Zou, Yang Xiao, Naijia Jiang, Yeting Li, Nanyu Zhong, Bingwei Peng, Kunpeng Jian, Wei Huo: The 34th USENIX Security Symposium (USENIX Security 2025, CCF-A)
    Using constraint semantic inconsistencies as vulnerability signals in embedded systems.
  • CodeCleaner: Elevating Standards with A Robust Data Contamination Mitigation Toolkit
    Jialun Cao, Songqiang Chen, Wuqi Zhang, Hau Ching Lo, Yeting Li*, Shing-Chi Cheung: The 16th Asia-Pacific Symposium on Internetware (Internetware 2025, CCF-C)
    Toolkit support for mitigating benchmark data contamination in LLM-based code evaluation.
  • A Large Scale Study of AI-based Binary Function Similarity Detection Techniques for Security Researchers and Practitioners
    Jingyi Shi, Yufeng Chen, Yang Xiao, Yuekang Li, Zhengzi Xu, Sihao Qiu, Chi Zhang, Keyu Qi, Yeting Li, Xingchu Chen, Yanyan Zou, Yang Liu, Wei Huo: The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025, CCF-A)
    Large-scale empirical study of AI-based binary function similarity detection for security practice.
  • Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems
    Defang Bo, Jie Lu, Feng Li, Jingting Chen, Jinchen Wang, Chendong Yu, Yeting Li, Wei Huo: The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025, CCF-A)
    Security analysis of resource injection vulnerabilities in Kubernetes ecosystems.
  • Vulnerability-Affected Versions Identification: How Far Are We?
    Xingchu Chen, Chengwei Liu, Jialun Cao, Yang Xiao, Xinyue Cai, Yeting Li, Jingyi Shi, Tianqi Sun, Haiming Chen, Wei Huo: The 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025, CCF-A)
    Measurement of vulnerability-affected version identification and its practical limitations.
  • A Survey of Protocol Fuzzing
    Xiaohan Zhang, Cen Zhang, Xinghua Li, Zhengjie Du, Bing Mao, Yuekang Li, Yaowen Zheng, Yeting Li, Li Pan, Yang Liu, Robert Deng: ACM Computing Surveys (CSUR), 57(2): 35:1-35:36, 2025
    Comprehensive survey of protocol fuzzing techniques, challenges, and future directions.

2024

  • Fuzzing for Stateful Protocol Implementations: Are We There Yet?
    Kunpeng Jian, Yanyan Zou, Yeting Li*, Jialun Cao, Menghao Li, Jian Sun, Jingyi Shi, Wei Huo: The 18th Theoretical Aspects of Software Engineering Conference (TASE 2024, CCF-C), 29 July - 1 August, 2024, Guiyang, China
    Study and benchmark of fuzzing techniques for stateful protocol implementations.
  • How Effective Are They? Exploring Large Language Model Based Fuzz Driver Generation
    Cen Zhang, Yaowen Zheng, Mingqiang Bai, Yeting Li, Wei Ma, Xiaofei Xie, Yuekang Li, Limin Sun, Yang Liu: The 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2024, CCF-A), 16 - 20 September, 2024, Vienna, Austria
    Evaluation of large language model based fuzz driver generation.
  • Semantic-Enhanced Static Vulnerability Detection in Baseband Firmware
    Yiming Liu, Cen Zhang, Feng Li, Yeting Li, Jianhua Zhou, Jian Wang, Lanlan Zhan, Yang Liu, Wei Huo: The 46th International Conference on Software Engineering (ICSE 2024, CCF-A), 14 - 20 April 2024, Lisbon, Portugal AwardACM SIGSOFT Distinguished Paper Award
    Semantic-enhanced static vulnerability detection for baseband firmware.
  • Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems
    Jiaxu Zhao, Yuekang Li, Yanyan Zou, Zhaohui Liang, Yang Xiao, Yeting Li, Bingwei Peng, Nanyu Zhong, Xinyi Wang, Wei Wang, Wei Huo: The 33rd USENIX Security Symposium (USENIX Security 2024, CCF-A), 14 - 16 August 2024, Philadelphia, PA, USA
    Enhancing embedded-system taint analysis by modeling semantic relations in code and data.
  • File Hijacking Vulnerability: The Elephant in the Room
    Chendong Yu, Yang Xiao, Jie Lu, Yuekang Li, Yeting Li, Lian Li, Yifan Dong, Jian Wang, Jingyi Shi, Defang Bo, Wei Huo: The 31st Annual Network and Distributed System Security Symposium (NDSS 2024, CCF-A), 26 Feb - 1 March 2024, San Diego, California
    Systematic study of file hijacking vulnerabilities and real-world security risks.

2023

  • Aster: Automatic Speech Recognition System Accessibility Testing for Stutterers
    Yi Liu, Yuekang Li, Gelei Deng, Felix Juefei-Xu, Yao Du, Cen Zhang, Chengwei Liu, Yeting Li, Lei Ma, Yang Liu: The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023, CCF-A), 11 - 15 Sep 2023, Kirchberg, Luxembourg
    Accessibility testing framework for speech recognition systems used by stutterers.
  • ACETest: Automated Constraint Extraction for Testing Deep Learning Operators
    Jingyi Shi, Yang Xiao, Yuekang Li, Yeting Li, Dongsong Yu, Chendong Yu, Hui Su, Yufeng Chen, Wei Huo: The 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2023, CCF-A), 17 - 21 July 2023, Washington, United States
    Automated constraint extraction for testing deep learning operators.
  • Effective ReDoS Detection by Principled Vulnerability Modeling and Exploit Generation
    Xinyi Wang, Cen Zhang, Yeting Li*, Zhiwu Xu, Shuailin Huang, Yi Liu, Yican Yao, Yang Xiao, Yanyan Zou, Yang Liu, Wei Huo: The 44th IEEE Symposium on Security and Privacy (S&P 2023, CCF-A), 22 - 25 May 2023, San Francisco, CA
    Principled ReDoS vulnerability modeling and exploit generation.

2022

  • RegexScalpel: Regular Expression Denial of Service (ReDoS) Defense by Localize-and-Fix
    Yeting Li, Yecheng Sun, Zhiwu Xu, Jialun Cao, Yuekang Li, Rongchen Li, Haiming Chen, Shing-Chi Cheung, Yang Liu, Yang Xiao: The 31st USENIX Security Symposium (USENIX Security 2022, CCF-A), 10 - 12 Aug 2022, BOSTON, MA, USA
    Localize-and-fix defense for ReDoS vulnerabilities in regular expressions.

  • Learning Disjunctive Multiplicity Expressions and Disjunctive Generalize Multiplicity Expressions from Both Positive and Negative Examples
    Yeting Li, Haiming Chen, Zixuan Chen: The Computer Journal 2022, CCF-B
    Learning XML multiplicity expressions from positive and negative examples.

  • SemMT: A Semantic-based Testing Approach for Machine Translation Systems
    Jialun Cao, Meiziniu Li, Yeting Li, Ming Wen, Shing-Chi Cheung, Haiming Chen: ACM Transactions on Software Engineering and Methodology (TOSEM 2022, CCF-A)
    Semantic-based testing approach for machine translation systems.

2021

  • ReDoSHunter: A Combined Static and Dynamic Approach for Regular Expression DoS Detection
    Yeting Li, Zixuan Chen, Jialun Cao, Zhiwu Xu, Qiancheng Peng, Haiming Chen, Liyuan Chen, Shing-Chi Cheung: The 30th USENIX Security Symposium (USENIX Security 2021, CCF-A), 11 - 13 Aug 2021, Virtual
    Combined static and dynamic detection for regular expression denial-of-service vulnerabilities.

  • TransRegex: Multi-modal Regular Expression Synthesis by Generate-and-Repair
    Yeting Li, Shuaimin Li, Zhiwu Xu, Jialun Cao, Zixuan Chen, Yun Hu, Haiming Chen, Shing-Chi Cheung: The 43rd International Conference on Software Engineering (ICSE 2021, CCF-A), 25 - 28 May 2021, Virtual (originally in Madrid, Spain)
    Multi-modal regular expression synthesis through generate-and-repair.

2020

  • FlashRegex: Deducing Anti-ReDoS Regexes from Examples
    Yeting Li, Zhiwu Xu, Jialun Cao, Haiming Chen, Tingjian Ge, Shing-Chi Cheung, Haoren Zhao: The 35th IEEE/ACM International Conference on Automated Software Engineering (ASE 2020, CCF-A), 21 - 25 Sep 2020, Melbourne, Australia
    Example-guided inference of anti-ReDoS regular expressions.

  • Inferring Restricted Regular Expressions with Interleaving from Positive and Negative Samples
    Yeting Li, Haiming Chen, Lingqi Zhang, Bo Huang, Jianzhao Zhang: The 24th Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2020, CORE-A), 11 - 14 May 2020, Singapore
    Learning restricted regular expressions with interleaving from labeled examples.

  • FlashSchema: Achieving High Quality XML Schemas with Powerful Inference Algorithms and Large-scale Schema Data
    Yeting Li, Jialun Cao, Haiming Chen, Tingjian Ge, Zhiwu Xu, Qiancheng Peng: The 36th IEEE International Conference on Data Engineering (ICDE 2020, CCF-A), 20 - 24 Apr 2020, Dallas, Texas
    High-quality XML schema inference using powerful algorithms and large-scale schema data.

2019

  • Learning k-Occurrence Regular Expressions from Positive and Negative Samples
    Yeting Li, Xiaoying Mou, Haiming Chen: The 38th International Conference on Conceptual Modeling (ER 2019, CORE-A), 4 - 7 Nov 2019, Salvador, Bahia, Brazil
    Learning k-occurrence regular expressions from positive and negative samples.

  • Context-free Grammars for Deterministic Regular Expressions with Interleaving
    Xiaoying Mou, Haiming Chen, Yeting Li: The 16th International Colloquium on Theoretical Aspects of Computing (ICTAC 2019, CCF-C), Oct 31 - Nov 4, 2019, Hammamet, Tunisia
    Formal grammar characterization for deterministic regular expressions with interleaving.

  • An Effective Algorithm for Learning Single Occurrence Regular Expressions with Interleaving
    Yeting Li, Haiming Chen, Xiaolan Zhang, Lingqi Zhang: The 23rd International Database Engineering & Applications Symposium (IDEAS 2019, CORE-B), 10 - 12 Jun 2019, Athens, Greece
    Algorithmic learning of single-occurrence regular expressions with interleaving.

  • Learning k-Occurrence Regular Expressions with Interleaving
    Yeting Li, Xiaolan Zhang, Jialun Cao, Haiming Chen, Chong Gao: The 24th International Conference on Database Systems for Advanced Applications (DASFAA 2019, CCF-B), 22 - 25 Apr 2019, Chiang Mai, Thailand
    Learning expressive XML-schema regular expression classes with interleaving.

  • Learning DMEs from Positive and Negative Examples
    Yeting Li, Chunmei Dong, Xinyu Chu, Haiming Chen: The 24th International Conference on Database Systems for Advanced Applications (DASFAA 2019, CCF-B), 22 - 25 Apr 2019, Chiang Mai, Thailand
    Learning disjunctive multiplicity expressions from positive and negative samples.

  • A Large-Scale Repository of Deterministic Regular Expression Patterns and Its Applications
    Haiming Chen, Yeting Li, Chunmei Dong, Xinyu Chu, Xiaoying Mou, Weidong Min: The 23rd Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2019, CORE-A), 14 - 17 Apr 2019, Macao, China
    Large-scale repository of deterministic regular expression patterns and applications.

  • Learning Restricted Regular Expressions with Interleaving
    Chunmei Dong, Yeting Li, Haiming Chen: The 45th International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2019, CORE-B), SRF, 27 - 30 Jan 2019, Nový Smokovec, Slovakia
    Learning restricted regular expressions with interleaving for structured data.

2018

  • Learning Concise Relax NG Schemas Supporting Interleaving from XML Documents
    Yeting Li, Xiaoying Mou, Haiming Chen: The 14th Advanced Data Mining and Applications (ADMA 2018, CORE-B), 16 - 18 Nov 2018, Nanjing, China
    Concise Relax NG schema inference supporting interleaving.

  • Learning Restricted Regular Expressions with Interleaving from XML Data
    Yeting Li, Xiaolan Zhang, Han Xu, Xiaoying Mou, Haiming Chen: The 37th International Conference on Conceptual Modeling (ER 2018, CORE-A), 22 - 25 Oct 2018, Xi’an, China
    Inference of restricted regular expression models from XML data.

  • Inferring Regular Expressions with Interleaving from XML Data
    Xiaolan Zhang, Yeting Li, Fei Tian, Fanlin Cui, Chunmei Dong, Haiming Chen: The 2nd Asia Pacific Web (APWeb) and Web-Age Information Management (WAIM) Joint Conference on Web and Big Data (APWeb-WAIM 2018, CCF-C), 23 - 25 Jul 2018, Macao, China
    XML-driven inference of regular expressions with interleaving.

  • Practical Study of Deterministic Regular Expressions from Large-scale XML and Schema Data
    Yeting Li, Xinyu Chu, Xiaoying Mou, Chunmei Dong, Haiming Chen: The 22nd International Database Engineering & Applications Symposium (IDEAS 2018, CORE-B), 18 - 20 Jun 2018, Villa San Giovanni, Italy
    Empirical study of deterministic regular expressions in large XML and schema corpora.

  • Inference of a Concise Regular Expression Considering Interleaving from XML Documents
    Xiaolan Zhang, Yeting Li, Fanlin Cui, Chunmei Dong, Haiming Chen: The 22nd Pacific-Asia Conference on Knowledge Discovery and Data Mining (PAKDD 2018, CORE-A), 3 - 6 Jun 2018, Melbourne, Australia
    Inference of concise regular expressions with interleaving from XML documents.

2016

  • Practical Study of Subclasses of Regular Expressions in DTD and XML Schema
    Yeting Li, Xiaolan Zhang, Feifei Peng, Haiming Chen: The 18th Asia Pacific Web Conference (APWeb 2016, CCF-C), 23 - 25 Sep, Suzhou, China
    Empirical study of regular-expression subclasses in DTD and XML Schema.

Last Updated: 04/27/2026