About me
I am a Ph.D. student in the Department of Computer Science and Engineering at the University at Buffalo. Before that, I was a Ph.D. candidate in the School of Electrical Engineering and Computer Science at Washington State University. My advisor is Dr. Haipeng Cai. My research interests are in Software Engineering and Software Security.
Research Projects:
Automated Adaptive Prompting Large Language Models for Real-World Software Vulnerability Analysis
Timely and effective vulnerability detection and patching are essential for cybersecurity defense. Various approaches have been proposed, yet they still struggle to detect and patch vulnerabilities effectively in real-world projects. In this project, we explore how to leverage large language models and in-context learning to address key software vulnerability analysis tasks: identifying given types of vulnerabilities, discovering vulnerabilities of any type, and patching detected vulnerabilities.
Automatically Generating Realistic Vulnerabilities for Vulnerability Analysis
Large-scale and realistic vulnerability datasets are essential for both benchmarking existing techniques and developing effective data-driven approaches for software security. In this project, we explore how to automatically generate realistic vulnerabilities by injecting vulnerabilities into widely available real-world normal programs, using deep learning-based and pattern-based code editors.
On the Open Science of Deep Learning-Based Vulnerability Detection
Open science is a practice that makes scientific research publicly accessible to anyone and is therefore highly beneficial. Given the increasing number of deep learning-based vulnerability detection approaches being explored, we exhaustively search the literature in this area and comprehensively investigate the four integral aspects of open science: availability, executability, reproducibility, and replicability.
Evaluating and Comparing Memory Error Vulnerability Detectors
Memory error vulnerabilities have been consequential, and several well-known, open-source memory error vulnerability detectors exist, built on static and/or dynamic code analysis. In this project, we conduct an empirical study that evaluates and compares state-of-the-art memory error vulnerability detectors against publicly available benchmark datasets of C/C++ programs, with case studies to gain in-depth explanations of the successes and failures of individual tools.