Publications

Jiaqian Peng, Puzhuo Liu, Yicheng Zeng, Kai Cheng, Yongji Liu, Yun Yang, Hongsong Zhu (2026). Bridge: High-Order Taint Vulnerabilities Detection in Linux-based IoT Firmware. 47th IEEE Symposium on Security and Privacym (S&P).

Cite

Chuan Qin, Cen Zhang, Yaowen Zheng, Puzhuo Liu, Jian Zhang, Yeting Li, Weidong Zhang, Yang Liu, Limin Sun (2026). User-Space Dependency-Aware Rehosting for Linux-Based Firmware Binaries. Network and Distributed System Security (NDSS) Symposium.

Cite

Yuncheng Wang, Yaowen Zheng, Puzhuo Liu, Dongliang Fang, Jiaxin Cheng, Dingyi Shi, Limin Sun (2026). ADGFUZZ: Assignment Dependency-Guided Fuzzing for Robotic Vehicles. Network and Distributed System Security (NDSS) Symposium.

Cite

Puzhuo Liu, Peng Di, Yu Jiang (2025). Function Renaming in Reverse Engineering of Embedded Device Firmware with ChatGPT. Proceedings of the 1st ACM SIGPLAN International Workshop on Language Models and Programming Languages (LMPL 25 co-hosted by ICFP/SPLASH 2025).

Cite

Puzhuo Liu, Chengnian Sun, Yaowen Zheng, Xuan Feng, Chuan Qin, Yuncheng Wang, Zhenyang Xu, Zhi Li, Peng Di, Yu Jiang, Limin Sun (2025). LLM-Powered Static Binary Taint Analysis. ACM Transactions on Software Engineering and Methodology (TOSEM).

Cite

Yuncheng Wang, Puzhuo Liu, Dongliang Fang, Zhiwen Pan , Shuaizong Si, Weidong Zhang, Limin Sun (2025). Automated Flaw Detection for Industrial Robot RESTful Service. 26th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI).

Cite

Zhenyang Xu, Yongqiang Tian, Mengxiao Zhang, Jiarui Zhang, Puzhuo Liu, Yu Jiang, Chengnian Sun (2024). T-Rec: Fine-Grained Language-Agnostic Program Reduction Guided by Lexical Syntax. ACM Transactions on Software Engineering and Methodology (TOSEM).

Cite

Yang Zhang, Doliang Fang, Puzhuo Liu, Laile Xi, Xiao Lu, Shuaizong Si, Limin Sun (2024). MSGFuzzer: Message Sequence Guided Industrial Robot Protocol Fuzzing. 2024 IEEE International Conference on Software Testing, Verification and Validation (ICST).

Cite

Puzhuo Liu, Yaowen Zheng, Chengnian Sun, Hong Li, Zhi Li, Limin Sun (2024). Battling against Protocol Fuzzing: Protecting Networked Embedded Devices from Dynamic Fuzzers. ACM Transactions on Software Engineering and Methodology (TOSEM).

Cite

Mingqiang Bai, Puzhuo Liu, Fei Lv, Dongliang Fang, Shichao Lv, Weidong Zhang, Limin Sun (2024). Adversarial Attack Against Intrusion Detectors in Cyber-Physical Systems With Minimal Perturbations. The 22nd IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA).

Cite

Puzhuo Liu, Yaowen Zheng, Chengnian Sun, Chuan Qin, Dongliang Fang, Mingdong Liu, Limin Sun (2023). FITS: Inferring Intermediate Taint Sources for Effective Vulnerability Analysis of IoT Device Firmware. 2023 Architectural Support for Programming Languages and Operating Systems (ASPLOS).

Cite

Chuan Qin, Jiaqian Peng, Puzhuo Liu, Yaowen Zheng, Kai Cheng, Weidong Zhang, Limin Sun (2023). UCRF: Static analyzing firmware to generate under-constrained seed for fuzzing SOHO router. Computers & Security.

Cite

Weiqing Huang, Yangyang Zong, Zhixin Shi, Puzhuo Liu (2023). MESCAL: Malicious Login Detection Based on Heterogeneous Graph Embedding with Supervised Contrastive Learning. 2023 IEEE Symposium on Computers and Communications (ISCC).

Cite

Dongliang Fang, Puzhuo Liu, Chuan Qin, Zhanwei Song, Yuyan Sun, Zhiqiang Shi, Limin Sun (2022). Survey of Research on Protocol Security of Industrial Control System. Journal of Computer Research and Development (Chinese).

Cite

Yetong Ma, Yunjie Ding, Puzhuo Liu, Shichao Lv, Zhiwen Pan , Limin Sun (2022). Integrated Risk Assessment Algorithm for Functional Safety and Information Security of Industrial Control Systems. Journal of Cyber Security (Chinese).

Cite

Puzhuo Liu, Yaowen Zheng, Zhanwei Song, Dongliang Fang, Shichao Lv, Limin Sun (2022). Fuzzing proprietary protocols of programmable controllers to find vulnerabilities that affect physical control. Journal of Systems Architecture.

Cite

Puzhuo Liu, Dongliang Fang, Chuan Qin, Kai Cheng, Shichao Lv, Hongsong Zhu, Limin Sun (2022). Finding Vulnerabilities in Internal-binary of Firmware with Clues. ICC 2022-IEEE International Conference on Communications (ICC).

Cite

Puzhuo Liu, Yetong Ma, Shichao Lv, Dongliang Fang, Hongsong Zhu, Limin Sun (2021). Survey on the Integration of Safety and Security in Indus-trial Control Systems. Journal of Cyber Security (Chinese).

Cite

Dongliang Fang, Zhanwei Song, Le Guan, Puzhuo Liu, Anni Peng, Kai Cheng, Yaowen Zheng, Peng Liu, Hongsong Zhu, Limin Sun (2021). ICS$^3$fuzzer: A framework for discovering protocol implementation bugs in ics supervisory software by fuzzing. Annual Computer Security Applications Conference (ACSAC).

Cite

Shuangpeng Bai, Hui Wen, Dongliang Fang, Yue Sun, Puzhuo Liu, Limin Sun (2021). DSS: discrepancy-aware seed selection method for ICS protocol fuzzing. International Conference on Applied Cryptography and Network Security (ACNS).

Cite