Research Group

Welcome to CuriOSity!

research loop enlarged

CuriOSity is a cybersecurity research group led by Prof. Zhenkai Liang at NUS.

Our research mainly focuses on system security, covering provenance, anomaly detection, trusted computing, Android malware detection, cyber range and attack replay, vulnerability detection and management, program analysis, fuzzing and testing, AI for security, etc.

Group Motto: Understanding systems, abstracting knowledge, and connecting facts.

理解系统,提炼知识,参悟规律。

research loop

Latest News

Sep 2025

🎉 Our recent work on differential testing of the PHP interpreter is accepted at ASE'25!

Sep 2025

🎉 Our recent work on LLM-based log parsing is accepted at ASE'25!

Sep 2025

🎉 Our recent work on software-supply-chain vulnerability assessment is accepted at ASE'25!

Apr 2025

🎉 Our recent work on evaluating disassemblers with only binaries is accepted at AsiaCCS'25!

Mar 2025

🎉 Our recent work on sandboxing client data in CVMs is accepted at EuroSys'25!

Featured Publications

Refer to this link for the full list of publications.

ZendDiff: Differential Testing of PHP Interpreter

Yuancheng Jiang*, Jianing Wang*, Qiange Liu, Yeqi Fu, Jian Mao, Roland H. C. Yap, Zhenkai Liang.

In the 40th IEEE/ACM International Conference on Automated Software Engineering, 2025.

Improving LLM-based Log Parsing by Learning from Errors in Reasoning Traces

Jialai Wang, Juncheng Lu, Jie Yang, Junjie Wang, Zeyu Gao, Chao Zhang, Zhenkai Liang, Ee-Chien Chang.

In the 40th IEEE/ACM International Conference on Automated Software Engineering, 2025.

Propagation-Based Vulnerability Impact Assessment for Software Supply Chains

Bonan Ruan, Zhiwei Lin, Jiahao Liu, Chuqi Zhang, Kaihang Ji, Zhenkai Liang.

In the 40th IEEE/ACM International Conference on Automated Software Engineering, 2025.

Evaluating Disassembly Errors With Only Binaries

Lambang Akbar Wijayadi, Yuancheng Jiang, Roland Yap, Zhenkai Liang, Zhuohao Liu.

In ACM Asia Conference on Computer and Communications Security, 2025.

Erebor: A Drop-In Sandbox Solution for Private Data Processing in Untrusted Confidential Virtual Machines

Chuqi Zhang, Rahul Priolkar, Yuancheng Jiang, Yuan Xiao, Mona Vij, Zhenkai Liang, Adil Ahmad.

In the 20th ACM European Conference on Computer Systems, 2025.

Fuzzing the PHP Interpreter via Dataflow Fusion

Yuancheng Jiang, Chuqi Zhang, Bonan Ruan, Jiahao Liu, Manuel Rigger, Roland Yap, Zhenkai Liang.

Distinguished Paper Award

In the 34th USENIX Security Symposium, 2025.

UI-CTX: Understanding UI Behaviors with Code Contexts for Mobile Applications

Jiawei Li*, Jiahao Liu*, Jian Mao, Jun Zeng, Zhenkai Liang.

In the 32nd Network and Distributed System Security Symposium, 2025.

The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches

Chuqi Zhang, Jun Zeng, Yiming Zhang, Adil Ahmad, Fengwei Zhang, Zhenkai Liang, Hai Jin.

In Proceedings of the 31th ACM Conference on Computer and Communications Security, 2024.

MaskDroid: Robust Android Malware Detection with Masked Graph Representations

Jingnan Zheng*, Jiahao Liu*, An Zhang, Jun Zeng, Ziqi Yang, Zhenkai Liang, Tat-Seng Chua.

In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, 2024.

CrypTody: Cryptographic Misuse Analysis of IoT Firmware via Data-flow Reasoning

Jianing Wang, Shanqing Guo, Wenrui Diao, Yue Liu, Haixin Duan, Yichen Liu, Zhenkai Liang.

In 27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2024).

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities

Bonan Ruan, Jiahao Liu, Chuqi Zhang, Zhenkai Liang.

Best Practical Paper Award

In 27th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2024).

UIHASH: Detecting Similar Android UIs through Grid-Based Visual Appearance Representation

Jiawei Li, Jian Mao, Jun Zeng, Qixiao Lin, Shaowen Feng, Zhenkai Liang.

In Proceedings of the 33rd USENIX Security Symposium, 2024.

Detecting Logic Bugs in Graph Database Management Systems via Injective and Surjective Graph Query Transformation

Yuancheng Jiang, Jiahao Liu, Jinsheng Ba, Roland Yap, Zhenkai Liang, Manuel Rigger.

In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, 2024.

Learning Graph-based Code Representations for Source-level Functional Similarity Detection

Jiahao Liu*, Jun Zeng*, Xiang Wang and Zhenkai Liang.

In Proceedings of the 45th International Conference on Software Engineering, 2023.

PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability

Jun Zeng*, Chuqi Zhang*, Zhenkai Liang.

In Proceedings of the 29th ACM Conference on Computer and Communications Security, 2022.

FlowMatrix: GPU-Assisted Information-Flow Analysis through Matrix-Based Representation

Kaihang Ji, Jun Zeng, Yuancheng Jiang, Zhenkai Liang, Zheng Leong Chua, Prateek Saxena, Abhik Roychoudhury.

In Proceedings of the 31st USENIX Security Symposium, 2022.

Tell: Log Level Suggestions via Modeling Multi-level Code Block Information

Jiahao Liu, Jun Zeng, Xiang Wang, Kaihang Ji, Zhenkai Liang.

In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, 2022.

ShadeWatcher: Recommendation-guided Cyber Threat Analysis using System Audit Records

Jun Zeng, Xiang Wang, Jiahao Liu, Yinfang Chen, Zhenkai Liang, Tat-Seng Chua, Zheng Leong Chua.

In Proceedings of the 43rd IEEE Symposium on Security and Privacy, 2022.

Watson: Abstracting Behaviors from Audit logs via Aggregation of Contextual Semantics

Jun Zeng, Zheng Leong Chua, Yinfang Chen, Kaihang Ji, Zhenkai Liang, Jian Mao.

In Proceedings of the 28th Annual Network and Distributed System Security Symposium, 2021.