Selected Publications (More in DBLP and Google Scholar):

Conference Papers / Journal Papers

•L. Yu, Y. Liu, P. Jing, X. Luo, L. Xue, K. Zhao, Y. Zhou, T. Wang, G. Gu, S. Nie, and S. Wu, "Towards Automatically Reverse Engineering Vehicle Diagnostic Protocols", Proc. of the 31th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
•J. Li, H. Zhou, S. Wu, X. Luo, T. Wang, X. Zhan, and X. Ma, “FOAP: Fine-Grained Open-World Android App Fingerprinting”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
•L. Xue, Y. Liu, T. LI, K. Zhao, J. Li, L. Yu, X. Luo, Y. Zhou, and G. Gu, “SAID: State-aware Defense Against Injection Attacks on In-vehicle Network", Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
•R. Pang, Z. Xi, S. Ji, X. Luo, and T. Wang, “On the Security Risks of AutoML”, Proc. of the 31st USENIX Security Symposium (USENIX SEC), Boston, USA, August 2022.
•P. Xia, H. Wang, B. Gao, W. Su, Z. Yu, X. Luo, C. Zhang, X. Xiao, and G. Xu, “Trade or Trick? Detecting and Characterizing Scam Tokens on Uniswap Decentralized Exchange”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Mumbai, India, June 2022.
•S. Wang, Y. Wang, X. Zhan, Y. Wang, Y. Liu, X. Luo, and S. Cheung, “Aper: Evolution-Aware Runtime Permission Misuse Detection for Android Apps”, Proceedings of the 44th International Conference on Software Engineering (ICSE), Pittsburgh, USA, May 2022.
•Y. Zhu, Y. Lai, K. Zhao, X. Luo, M. Yuan, J. Ren, and K. Zhou, “BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection”, Proc. of the 38th IEEE International Conference on Data Engineering (ICDE), Kuala Lumpur, Malaysia, May 2022.
•J. Qu, X. Ma, W. Liu, H. Sang, J. Li, L.Xue, X. Luo, Z. Li, L. Feng, X. Guan, “Landing Reinforcement Learning onto Smart Scanning of The Internet of Things”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), May 2022.
•M. Jiang, T. Xu, Y. Zhou, Y. Hu, M. Zhong, L. Wu, X. Luo, and K. Ren, "EXAMINER: Automatically Locating Inconsistent Instructions between Real Devices and CPU Emulators for ARM", Proc. of the 27th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), Lausanne, Switzerland, February 2022.
•J. Li, S. Wu, H. Zhou, X. Luo, T. Wang, Y. Liu, and X. Ma, “Packet-Level Open-World App Fingerprinting on Wireless Traffic”, Proc. of the 29th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2022.
•H. Zhou, H. Wang, X. Luo, T. Chen, Y. Zhou, and T. Wang, “Uncovering Cross-Context Inconsistent Access Control Enforcement in Android”, Proc. of the 29th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2022.
•M. Jiang, L. Ma, Y. Zhou, Q. Liu, C. Zhang, Z. Wang, X. Luo, L. Wu, and K. Ren, “ECMO: Peripheral Transplantation to Rehost Embedded Linux Kernels”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
•K. Zhao, H. Zhou, Y. Zhu, K. Zhou, X. Zhan, J. Li, L. Yu, W. Yuan, and X. Luo, “Structural Attack against Graph Based Android Malware Detection”, Proc. of the 28th ACM Conference on Computer and Communications Security (CCS), Seoul, Korea, November 2021.
•H. Zhou, H. Wang, S. Wu, X. Luo, Y. Zhou, T. Chen, and T. Wang, "Finding the Missing Piece: Permission Specification Analysis for Android NDK", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
•Q. Liu, C. Zhang, L. Ma, M. Jiang, Y. Zhou, L. Wu, W. Shen, X. Luo, Y. Liu, and K. Ren, "FirmGuide: Boosting the Capability of Rehosting Embedded Linux Kernels through Model-Guided Kernel Execution", Proc. of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, November 2021.
•X. Chen, S. Zhao, J. Qi, J. Jiang, H. Song, C. Wang, T. Li, T. Chan, F. Zhang, X. Luo, S. Wang, G. Zhang, and H. Cui, “Efficient and DoS-resistant Consensus for Permissioned Blockchains”, Proc. of the 39th IFIP WG 7.3 International Symposium on Computer Performance, Modeling, Measurements and Evaluation (Performance), Politecnico Di Milano, Italy, November 2021.
•Y. Shi, M. Li, W. Wei, Y. Liu, and X. Luo, “Secure and Efficient White-box Encryption Scheme for Data Protection against Shared Cache Attacks in Cloud Computing”, Proc. of the 32nd International Symposium on Software Reliability Engineering (ISSRE), Wuhan, China, October 2021
•P. Jing, Q. Tang, Y. Du, L. Xue, X. Luo, T. Wang, S. Nie, and S. Wu, "Too Good to Be Safe: Tricking Lane Detection in Autonomous Driving with Crafted Perturbations.", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
•N. He, R. Zhang, H. Wang, L. Wu, X. Luo, Y. Guo, T. Yu, and X. Jiang, "EOSAFE: Security Analysis of EOSIO Smart Contracts", Proc. of the 30th USENIX Security Symposium (USENIX SEC), Vancouver, Canada, August 2021.
•C. Wang, K. Yu, Y. Cai, X. Luo, and Z. Yang, "Detecting Concurrency Vulnerabilities Based on Partial Orders of Memory and Thread Events", Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
•Y. Wang, Q. Zhang, K. Li, J. Chen, Y. Tang, X. Luo, and T. Chen, “Towards Practical and Cost-Effective Batching of Smart-Contract Invocations on Ethereum”, Proc. of the 29th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), Athens, Greece, August 2021.
•L. Xue, Y. Yan, L. Yan, M. Jiang, X. Luo, D. Wu, W. Hu, and Y. Zhou, "Parema: An Unpacking Framework for Demystifying VM-based Android Packers", Proc. of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Aarhus, Denmark, July 2021. Source Code
•W. Chen, X. Li, Y. Sui, N. He, H. Wang, L. Wu, and X. Luo, “SADPonzi: Detecting and Characterizing Ponzi Schemes in Ethereum Smart Contracts”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
•B. Gao, H. Wang, P. Xia, S. Wu, Y. Zhou, X. Luo, and G. Tyson, “Tracking Counterfeit Cryptocurrency End-to-end”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Beijing, China, June 2021.
•L. Xue, H. Zhou, X. Luo, Y. Zhou, Y. Shi, G. Gu, F. Zhang, and M. Au, "Happer: Unpacking Android Apps via a Hardware-Assisted Approach", Proc. of the 42nd IEEE Symposium on Security and Privacy (S&P), May 2021. Source Code
•X. Zhan, L. Fan, S. Chen, F. Wu, T. Liu, X. Luo, and Y. Liu, “ATVHunter: Reliable Version Detection of Third-Party Libraries for Vulnerability Identification in Android Apps”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.(ACM SIGSOFT Distinguished Paper Award)
•Z. Wan, X. Xia, D. Lo, J. Chen, X. Luo, and X. Yang, “Smart Contract Security: a Practitioners’ Perspective”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
•Y. Hu, H. Wang, T. Ji, X. Xiao, X. Luo, P. Gao, and Y. Guo, “CHAMP: Characterizing Undesired App Behaviors from User Comments based on Market Policies”, Proc. of the 43rd International Conference on Software Engineering (ICSE), May 2021.
•X. Ma, M. Shi, B. An, J. Li, X. Luo, J. Zhang, and X. Guan, “Context-aware Website Fingerprinting over Encrypted Proxies”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), May 2021.
•L. Wu, Y. Hu, Y. Zhou, H. Wang, X. Luo, Z. Wang, F. Zhang, and K. Ren, "Towards Understanding and Demystifying Bitcoin Mixing Services", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
•Y. Gao, H. Wang, L. Li, X. Luo, X. Liu, and G. Xu, "Demystifying Illegal Mobile Gambling Apps", Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
•H. Li, S. Zhou, W. Yuan, X. Luo, C. Gao, and S. Chen, “Robust Android Malware Detection Against Adversarial Example Attacks”, Proc. of the 30th the Web Conference (WWW), Ljubljana, Slovenia, April 2021.
•K. Li, J. Chen, X. Liu, Y. Tang, X. Wang, and X. Luo, “As Strong As Its Weakest Link: How to Break Blockchain DApps at RPC Service”, Proc. of the 28th Network and Distributed System Security Symposium (NDSS), February 2021.
•Y. Tang, Y. Sui, H. Wang, X. Luo, H. Zhou, and Z. Xu, “All Your App Links are Belong to Us: Understanding the Threats of Instant Apps based Attacks”, Proc. of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE), California, USA, November 2020.
•R. Pang, H. Shen, X. Zhang, S. Ji, Y. Vorobeychik, X. Luo, A. Liu, and T. Wang, “The Tale of Evil Twins: Adversarial Inputs versus Poisoned Models”, Proc. of the 27th ACM Conference on Computer and Communications Security (CCS), Orlando, USA, November 2020.
•M. Fan, L. Yu, S. Chen, H. Zhou, X. Luo, S. Li, Y. Liu, J. Liu, and T. Liu, "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps", Prof. of the 31st International Symposium on Software Reliability Engineering (ISSRE), Coimbra, Portugal, October 2020.
•H. Zhou, H. Wang, Y. Zhou, X. Luo, Y. Tang, L. Xue, and T. Wang, "Demystifying Diehard Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
•H. Zhou, T. Chen, H. Wang, L. Yu, X. Luo, T. Wang, and W. Zhang, "UI Obfuscation and Its Effects on Automated UI Analysis for Android Apps", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
•X. Zhan, L. Fan, T. Liu, S. Chen, L. Li, H. Wang, Y. Xu, X. Luo, and Y. Liu, "Automated Third-party Library Detection for Android Applications: Are We There Yet?", Proc. of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE), Melbourne, Australia, September 2020. Source Code
•P. Zhang, F. Xiao, and X. Luo, "A Framework and Data Set for Bugs in Ethereum Smart Contracts", Proc. of the 36th International Conference on Software Maintenance and Evolution (ICSME), Adelaide, Australia, September 2020. Source Code
•Q. Kang, L. Xue, A. Morrison, Y. Tang, A. Chen, and X. Luo, “Programmable In-Network Security for Context-aware BYOD Policies”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.Source Code
•X. Zhang, N. Wang, H. Shen, S. Ji, X. Luo, and T. Wang, “Interpretable Deep Learning under Fire”, Proc. of the 29th USENIX Security Symposium (USENIX SEC), Boston, USA, August 2020.
•R. Pang, X. Zhang, S. Ji, X. Luo, and T. Wang, “AdvMind: Inferring Adversary Intent of Black-Box Attacks”, Proc. of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining (KDD), California, USA, August 2020.
•M. Jiang, Y. Zhou, X. Luo, R. Wang, Y. Liu, and K. Ren, “An Empirical Study on ARM Disassembly Tools”, Proc. of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), Los Angeles, USA, July 2020.Source Code
•Y. Huang, H. Wang, L. Wu, G. Tyson, X. Luo, R. Zhang, X. Liu, G. Huang, and X. Jiang, “Understanding (Mis)Behavior on the EOSIO Blockchain”, Proc. of ACM International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), Boston, USA, June 2020.
•T. Liu, H. Wang, L. Li, X. Luo, Y. Guo, F. Dong, T. Bissyandé, and J. Klein, “MadDroid: Characterising and Detecting Devious Ad Content for Android Apps”, Proc. of the 29th the Web Conference (WWW), Taipei, April 2020.
•T. Chen, R. Cao, T. Li, X. Luo, G. Gu, Y. Zhang, Z. Liao, H. Zhu, G. Chen, Z. He, Y. Tang, X. Lin, and X. Zhang, "SODA: A Generic Online Detection Framework for Smart Contracts", Proc. of the 27th Network and Distributed System Security Symposium (NDSS), San Diego, California, February 2020.
•Y. Cai, Y. Tang, H. Li, L. Yu, H. Zhou, X. Luo, L. He, and P. Su, “Resource Race Attacks on Android”, Proc. of the 27th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Ontario, Canada, February 2020.
•T. Cao, J. Yu, J. Decouchant, X. Luo, and P. Esteves-Veríssimo, “Exploring the Monero Peer-to-Peer Network”, Proc. of the 24th International Conference on Financial Cryptography and Data Security (FC), Sabah, Malaysia, February 2020.
•D. Liu, A. Leung, M. Au, X. Luo, P. Chiu, S. Im and W. Lam, "Virtual Laboratory: Facilitating Teaching and Learning in Cybersecurity for Students with Diverse Disciplines", Proc. of the 8th IEEE Conference on Engineering, Technology, and Education (TALE), Yogyakarta, Indonesia, December 2019.(Best Paper Award)
•T. Chen, Y. Zhang, Z. Li, X. Luo, T. Wang, R. Cao, X. Xiao, and X. Zhang, “TokenScope: Automatically Detecting Inconsistent Behaviors of Cryptocurrency Tokens in Ethereum”, Proc. of the 26th ACM Conference on Computer and Communications Security (CCS), London, UK, November 2019.
•Y. Tang, X. Zhan, H. Zhou, X. Luo, Z. Xu, Y. Zhou, and Q. Yan, “Demystifying Application Performance Management Libraries for Android”, Proc. of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, United States, November 2019.
•Z. Xu, T. Zhang, Y. Zhang, Y. Tang, Jin Liu, X. Luo, and J. Keung, “Identifying Crashing Fault Residence Based on Cross Project Model”, Proc. of the 30th International Symposium on Software Reliability Engineering (ISSRE), Berlin, Germany, October 2019.
•Z. Cheng, X. Hou, R. Li, Y. Zhou, X. Luo, J. Li, and K. Ren, “Towards a First Step to Understand the Cryptocurrency Stealing Attack on Ethereum”, Proc. of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID), Beijing, China, September 2019.
•T. Chen, Z. Li, Y. Zhang, X. Luo, T. Wang, T. Hu, X. Xiao, D. Wang, J. Huang, and X. Zhang, “A Large-Scale Empirical Study on Control Flow Identification of Smart Contracts”, Proc. of the International Symposium on Empirical Software Engineering and Measurement (ESEM), Porto de Galinhas, Brazil, September 2019.(Best Paper Nominee)
•T. Chen, Z. Li, Y. Zhang, X. Luo, A. Chen, K. Yang, B. Hu, T. Zhu, S. Deng, T. Hu, J. Chen, and X. Zhang, “DataEther: Data Exploration Framework For Ethereum”, Proc. of the 39th IEEE International Conference on Distributed Computing Systems (ICDCS), Dallas, USA, July 2019.
•M. Fan, X. Luo, J. Liu, M. Wang, C. Nong, Q. Zheng, and T. Liu, “Graph Embedding based Familial Analysis of Android Malware using Unsupervised Learning”, Proc. of the 41st IEEE International Conference on Software Engineering (ICSE), Montreal, Canada, May 2019.
•M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, “Detecting Vulnerable Android Inter-App Communication in Dynamically Loaded Code”, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Paris, France, April 2019.
•M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, Proc. of the 17th National Software Application Conference (NASAC) (Safety and Security of System Software Symposium), Shenzhen, China, November 2018. (Best Paper Award)
•Y. Ji, X. Zhang, S. Ji, X. Luo, and T. Wang, "Model-Reuse Attacks against Learning Systems", Proc. of the 25th ACM Conference on Computer and Communications Security(CCS), Toronto, Canada, October 2018.
•C. Wang, Z. Zhao, Y. Wang, D. Qin, X. Luo, and T. Qin, "DeepMatching: A Structural Seed Identification Framework for Social Network Alignment", Proc. of 38th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 600-610, Vienna, Austria, July 2018.
•L. Yu, J. Chen, H. Zhou, X. Luo, and K. Liu, "Localizing Function Errors in Mobile Apps with User Reviews", Proc. of 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 418-429, Luxembourg, June 2018.
•T. Chen, Z. Li, H. Zhou, J. Chen, X. Luo, X. Li, and X. Zhang, "Towards Saving Money in Using Smart Contracts", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (NIER), pp. 81-84, Gothenburg, Sweden, May 2018.
•P. Zheng, Z. Zheng, X. Luo, X. Chen, and X. Liu, "A Detailed and Real-time Performance Monitoring Framework for Blockchain Systems", Proc. of 40th IEEE International Conference on Software Engineering (ICSE) (SEIP), pp. 134-143, Gothenburg, Sweden, May 2018.
•Z. Xu, S. Li, Y. Tang, X. Luo, T. Zhang, J. Liu, and J. Xu, "Cross Version Defect Prediction with Representative Data via Sparse Subset Selection", Proc. of 26th International Conference on Program Comprehension (ICPC), pp. 132-143, Gothenburg, Sweden, May 2018.
•X. Ma, Y. He, X. Luo, J. Li, M. Zhao, B. An, and X. Guan, “Vehicle Traffic Driven Camera Placement for Better Metropolis Security Surveillance”, IEEE Intelligent Systems, Volume: 33, Issue: 4, pp. 49-61, Jul./Aug. 2018.
•T. Chen, Y. Zhu, Z. Li, J. Chen, X. Li, X. Luo, X. Lin, and X. Zhang, "Understanding Ethereum via Graph Analysis", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018. (Best Paper Award)
•J. Li, X. Ma, G. Li, X. Luo, J. Zhang, W. Li, and X. Guan, "Can We Learn What People Are Doing from Raw DNS Queries?", Proc. of IEEE International Conference on Computer Communications (INFOCOM), Honolulu, USA, April 2018.
•Z. Xu, J. Liu, X. Luo, and T. Zhang, “Cross-Version Defect Prediction via Hybrid Active Learning with Kernel Principal Component Analysis”, Proc. of IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 209-220, Campobasso, Italy, March 2018.
•T. Chen, X. Li, Y. Wang, J. Chen, Z. Li, X. Luo, M. Au, and X. Zhang, An Adaptive Gas Cost Mechanism for Ethereum to Defend Against Under-Priced DoS Attacks, Proc. of 13th International Conference on Information Security Practice and Experience (ISPEC), pp. 3-24, Melbourne, Australia, December 2017. (Best Paper Award)
•S. Hu, X. Ma, M. Jiang, X. Luo, and M. Au, “AutoFlowLeaker: Circumventing Web Censorship through Automation Services”, Proc. of 36th IEEE International Symposium on Reliable Distributed Systems (SRDS), pp. 214-223, Hong Kong, September 2017.
•L. Xue, Y. Zhou, T. Chen, X. Luo, and G. Gu, Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART, Proc. of 26th USENIX Security Symposium (USENIX SEC), pp. 289-306, Vancouver, Canada, August 2017.
•B. Sun, X. Luo, M. Akiyama, T. Watanabe, and T. Mori, Characterizing Promotional Attacks in Mobile App Store, Proc. of 8th International Conference on Applications and Technologies in Information Security (ATIS), pp. 113-127, Auckland, New Zealand, July 2017. (Best Paper Award)
•M. Jiang, X. Luo, T. Miu, S. Hu, and W. Rao, Are HTTP/2 Servers Ready Yet?, Proc. of 37th IEEE International Conference on Distributed Computing Systems (ICDCS), pp. 1661-1671, Atlanta, USA, June 2017.Source Code
•L. Xue, X. Luo, L. Yu, S. Wang, and D. Wu, Adaptive Unpacking of Android Apps, Proc. of 39th International Conference on Software Engineering (ICSE), pp. 358-369, Buenos Aires, Argentina, May 2017.
•T. Zhang, J. Chen, H. Jiang, X. Luo, and X. Xia, Bug Report Enrichment: A Case Study of Automated Fixer Recommendation, Proc. of 25th International Conference on Program Comprehension (ICPC), pp. 230-240, Buenos Aires, Argentina, May 2017.
•L. Xue, X. Ma, X. Luo, L. Yu, S. Wang, and T. Chen, Is What You Measure What You Expect? Factors Affecting Smartphone-Based Mobile Network Measurement, Proc. of IEEE International Conference on Computer Communications (INFOCOM), Atlanta, USA, May 2017.
•T. Chen, X. Li, X. Luo, and X. Zhang, Under-optimized smart contracts devour your money, Proc. of 24th International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 437-441, Klagenfurt, Austria, February 2017
•M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, Frequent Subgraph based Familial Classification of Android Malware, Proc. of 27th International Symposium on Software Reliability Engineering (ISSRE), pp. 24-35, Ottawa, Canada, October 2016. (Best Research Paper Award)
•L. Yu, X. Luo, X. Liu, and T. Zhang, Can We Trust the Privacy Policies of Android Apps?, Proc. of the 46th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 538-549, Toulouse, France, June 2016.
•L. Yu, X. Luo, C. Qian, and S. Wang, Revisiting the Description-to-Behavior Fidelity in Android Applications, Proc. of 23rd IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER), pp. 415-426, Osaka, Japan, March 2016.
•Y. Zhang, X. Luo, and H. Yin, DexHunter: Toward Extracting Hidden Code from Packed Android Applications, Proc. of the 20th European Symposium on Research in Computer Security (ESORICS), pp. 293-311, Vienna, Austria, September 2015. Source Code
•L. Xue, C. Qian, and X. Luo, AndroidPerf: A Cross-layer Profiling System for Android Applications, Proc. of 23rd IEEE/ACM International Symposium of Quality of Service (IWQoS), pp. 115-124, Portland, USA, June 2015.
•Y. Shao, X. Luo, C. Qian, P. Zhu, and L. Zhang, Towards a Scalable Resource-driven Approach for Detecting Repackaged Android Applications, Proc. of the 30th Annual Computer Security Applications Conference (ACSAC), pp. 56-65, New Orleans, USA, December 2014.
•L. Xue, X. Luo, E. Chan, and X. Zhan, Towards Detecting Target Link Flooding Attack, Proc. of 28th USENIX Large Installation System Administration Conference (LISA), pp. 81-96, Seattle, USA, November 2014.
•X. Luo, L. Xue, C. Shi, Y. Shao, C. Qian, and E. Chan, On Measuring One-way Path Metrics From a Web Server (Concise Paper), Proc. of the 22nd IEEE International Conference on Network Protocols (ICNP), pp. 203-208, Raleigh, USA, October 2014.
•C. Qian, X. Luo, Y. Shao, and A. Chan, On Tracking Information Flows through JNI in Android Applications, Proc. of the 44th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 180-191, Atlanta, USA, June 2014. Source Code
•L. Xue, X. Luo, and Y. Shao, kTRxer: A Portable Toolkit for Reliable Internet Probing, Proc. of the 22nd IEEE/ACM International Symposium on Quality and Service (IWQoS), pp. 129-134, Hong Kong, May 2014.
•R. Mok, X. Luo, E. Chan, and R. Chang, QDASH: A QoE-aware DASH system, Proc. of 3rd ACM Multimedia Systems conference (MMSys), pp. 11-22, Chapel Hill, USA, February 2012.
•X. Luo, P. Zhou, J. Zhang, R. Perdisci, W. Lee, and R. Chang, Exposing Invisible Timing-based Traffic Watermarks with BACKLIT, Proc. of the 27th Annual Computer Security Applications Conference (ACSAC), pp. 197-206, Orlando, USA, December 2011.
•E. Chan, A. Chen, X. Luo, R. Mok, W. Li, and R. Chang, TRIO: Measuring Asymmetric Capacity with Three Minimum Round-Trip Times, Proc. of 7th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), Tokyo, Japan, December 2011.
•X. Luo, P. Zhou, E. Chan, R. Chang, and W. Lee, A Combinatorial Approach to Network Covert Communications with Applications in Web Leaks, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 474-485, Hong Kong, June 2011.
•J. Zhang, R. Perdisci, W. Lee, U. Sarfraz, and X. Luo, Detecting Stealthy P2P Botnets Using Statistical Traffic Fingerprints, Proc. of the 41st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 121-132, Hong Kong, June 2011.
•J. Zhang, X. Luo, R. Perdisci, G. Gu, W. Lee, and N. Feamster, Boosting the scalability of botnet detection using adaptive traffic sampling, Proc. of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 124-134, Hong Kong, March 2011.
•X. Luo, P. Zhou, E. Chan, W. Lee, R. Chang, and R. Perdisci, HTTPOS: Sealing Information Leaks with Browser-side Obfuscation of Encrypted Flows, Proc. of the 18th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2011.
•Q. Hui, X. Luo, and W. Lee, Control of low-rate Denial-of-Service attacks on Web servers and TCP fows, Proc. of the 49th IEEE Conference on Decision and Control (CDC), pp. 4186-419, Atlanta, USA, December 2010.
•E. Chan, X. Luo, W. Li, W. Fok, and R. Chang, Measurement of Loss Pairs in Network Paths, Proc. of the 13th Internet Measurement Conference (IMC), pp. 88-101, Melbourne, Australia, November 2010.
•X. Luo, J. Zhang, R. Perdisci and W. Lee, On the Secrecy of Spread-Spectrum Flow Watermarks, Proc. of the 15th European Symposium Research Computer Security (ESORICS), pp. 232-248, Athens, Greece, September 2010.
•M. Antonakakis, D. Dagon, X. Luo, R. Perdisci and W. Lee, A Centralized Monitoring Infrastructure For Improving DNS Security, Proc. of the 13th International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 18-37, Ottawa, Canada, September 2010.
•D. Dagon, M. Antonakakis, K. Day, X. Luo, C. Lee, and W. Lee, Recursive DNS Architectures and Vulnerability Implications, Proc. of the 16th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2009.
•E. Chan, X. Luo and R. Chang, A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement, Proc. of the 5th ACM International Conference on emerging Networking EXperiments and Technologies (CoNEXT), pp. 205-216, Rome, Italy, December 2009.
•X. Luo, E. Chan and R. Chang, Design and implementation of TCP data probes for reliable and metric-rich network path monitoring, Proc. of the 20th USENIX Annual Technical Conference (USENIX ATC), San Diego, USA, June 2009.
•R. Perdisci, M. Antonakakis, X. Luo, and W. Lee, WSEC DNS: Protecting Recursive DNS Resolvers from Poisoning Attacks, Proc. of the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 3-12, Lisbon, Portugal, June 2009.
•X. Luo, E. Chan, and R. Chang, TCP Covert Timing Channels: Design and Detection, Proc. of the 38th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 420-429, Anchorage, USA, June 2008.
•X. Luo, E. Chan, and R. Chang, Cloak: A Ten-fold Way for Reliable Covert Communications, Proc. of the 12th European Symposium Research Computer Security (ESORICS), pp. 283-298, Dresden, German, September 2007.
•X. Luo, E. Chan, and R. Chang, Crafting Web Counters into Covert Channels, Proc. of the 22nd IFIP International Information Security Conference (IFIP SEC), pp. 337-348, Sandton, South Africa, May 2007. (Best student paper award)
•X. Luo, E. Chan, and R. Chang, Vanguard: A New Detection Scheme for a Class of TCP-targeted Denial-of-Service Attacks, Proc. of 10th IEEE/IFIP Network Operations and Management Symposium (NOMS), pp. 507-518, Vancouver, Canada, April 2006.
•X. Luo, R. Chang, and E. Chan, “Performance Analysis of TCP/AQM Under Denial-of-Service Attacks”, Proc. of the 13th IEEE/ACM International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems (MASCOTS), pp. 97-104, Atlanta, USA, September 2005.
•X. Luo and R. Chang, Novel Approaches to End-to-End Packet Reordering Measurement, Proc. of the 8th ACM/USENIX Internet Measurement Conference (IMC), pp. 227-238, Berkeley, USA, October 2005.
•X. Luo and R. Chang, Optimizing the Pulsing Denial-of-Service Attacks, Proc. of the 35th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 582-591, Yokohama, Japan, June 2005.
•X. Luo and R. Chang, On a New Class of Pulsing Denial-of-Service Attacks and the Defense, Proc. of the 12th Annual Network and Distributed System Security Symposium (NDSS), San Diego, USA, February 2005.

Journal Papers / Conference Papers

Accepted
•T. Chen, Z. Li, X. Luo, X. Wang, T. Wang, Z. He, K. Fang, Y. Zhang, H. Zhu, H. Li, Y. Cheng, and X. Zhang, “SigRec: Automatic Recovery of Function Signatures in Smart Contracts”, IEEE Transactions on Software Engineering (TSE)
•Y. Tang, H. Zhou, X. Luo, T. Chen, H.u Wang, Z. Xu, and Y. Cai, “XDebloat: Towards Automated Feature-Oriented App Debloating”, IEEE Transactions on Software Engineering (TSE).
•Y. Tang, H. Wang, X. Zhan, X. Luo, Y. Zhou, H. Zhou, Q. Yan, Y. Sui, and J. Keung, “A Systematical Study on Application Performance Management Libraries for Apps”, IEEE Transactions on Software Engineering (TSE).
•X. Zhan, T. Liu, Y. Liu, L. Li, H. Wang, and X. Luo, “A Systematic Assessment on Android Third-party Library Detection Tools”, IEEE Transactions on Software Engineering (TSE).
•X. Zhan, T. Liu, L. Fan, L. Li, S. Chen, X. Luo, and Y. Liu, “Research on Third-Party Libraries in Android Apps: A Taxonomy and Comprehensive Survey”, IEEE Transactions on Software Engineering (TSE).
•J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “DEFECTCHECKER: Automated Smart Contract Defect Detection by Analyzing EVM Bytecode“, IEEE Transactions on Software Engineering (TSE). Source Code
•Y. Huang, J. Jiang, X. Luo, X. Chen, Z. Zheng, N. Jia, and G. Huang, “Change-Patterns Mapping: A Boosting Way for Change Impact Analysis”, IEEE Transactions on Software Engineering (TSE).
•J. Chen, X. Xia, D. Lo, J. Grundy, X. Luo, and T. Chen, “Defining Smart Contract Defects on Ethereum”, IEEE Transactions on Software Engineering (TSE). (also appear at the Journal First Session of the 43rd International Conference on Software Engineering (ICSE)).
•L. Xue, H. Zhou, X. Luo, L. Yu, D. Wu, Y. Zhou, and X. Ma, “PackerGrind: An Adaptive Unpacking System for Android Apps”, IEEE Transactions on Software Engineering (TSE). Source Code
•S. Wu, L. Wu, Y. Zhou, R. Li, Z. Wang, X. Luo, C. Wang, K. Ren, "Time-Travel Investigation: Towards Building A Scalable Attack Detection Framework on Ethereum", ACM Transactions on Software Engineering and Methodology (TOSEM).
•X. Xiao, W. Xiao, R. Li, X. Luo, H. Zheng, and S. Xia, “EBSNN: Extended Byte Segment NeuralNetwork for Network Traffic Classification”, IEEE Transactions on Dependable and Secure Computing (TDSC).
•Y. Ye, J. Zhang, W. Wu, and X. Luo, “Boros: Secure Cross-Channel Transfers via Channel Hub”, IEEE Transactions on Dependable and Secure Computing (TDSC).
•T. Shen, J. Jiang, Y. Jiang, X. Chen, J. Qi, S. Zhao, F. Zhang, X. Luo, and H. Cui, "DAENet: Making Strong Anonymity Scale in a Fully Decentralized Network", IEEE Transactions on Dependable and Secure Computing (TDSC).
•Q. Li, X. Ma, A. Zhou, X. Luo, and S. Wang, “User-Oriented Edge Node Grouping in Mobile Edge Computing”, IEEE Transactions on Mobile Computing (TMC).
•J. Ni, M. Au, W. Wu, X. Luo, X. Lin, and X. Shen, “Dual-Anonymous Off-Line Electronic Cash for Mobile Payment”, IEEE Transactions on Mobile Computing (TMC).
•H. Cao, H. Zhao, X. Luo,  N. Kumar, and L. Yang, “Dynamic Virtual Resource Allocation Mechanism for Survivable Services in Emerging NFV-Enabled Vehicular Networks”, IEEE Transactions on Intelligent Transportation Systems (TITS).
•H. Cao, J. Du, H. Zhao, X. Luo, N. Kumar, L. Yang, and F. Yu, “Towards Tailored Resource Allocation of Slices in 6G Networks With Softwarization and Virtualization”, IEEE Internet of Things Journal (IoTJ).
Published
•Y. Huang, X. Liang, Z. Chen, N. Jia, X. Luo, X. Chen, Z. Zheng and X. Zhou, "Reviewing rounds prediction for code patches",  Empirical Software Engineering (EMSE), 27, Article number: 7 2022.
•T. Zhang, J. Chen, X. Zhan, X. Luo, D. Lo, and H. Jiang, “Where2Change: Change Request Localization for App Reviews”, IEEE Transactions on Software Engineering (TSE), Volume: 47, Issue: 11, Nov. 2021. (also appear at the Journal First Session of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE)).
•H. Wang, W. Zhang, H. He, P. Liu, X. Luo, Y. Liu, J. Jiang, Y. Li, X. Zhang, W. Liu, R. Zhang, and X. Lan, “An Evolutionary Study of IoT Malware”, IEEE Internet of Things Journal (IoTJ), Volume: 8, Issue: 20, Oct.15, 2021.
•R. He, H. Wang, P. Xia, L. Wang, Y. Li, L. Wu, Y. Zhou, X. Luo, Y. Guo, Y. Sui, G. Xu, “Beyond the Virus: A First Look at Coronavirus-themed Mobile Malware”, Empirical Software Engineering (EMSE),26, Article number: 82 2021
•T. Chen, Y. Feng, Z. Li, H. Zhou, X. Luo, X. Li, X. Xiao, J. Chen and X. Zhang, "GasChecker: Scalable Analysis for Discovering Gas-Inefficient Smart Contracts", IEEE Transactions on Emerging Topics in Computing  (TETC), Volume: 9, Issue: 3, July-Sept. 2021.
•H. Cao, J. Du, H. Zhao, X. Luo, G. Aujla, N. Kumar, L. Yang, and F. Yu, "Resource-Ability Assisted Service Function Chain Embedding and Scheduling for 6G Networks With Virtualization", IEEE Transactions on Vehicular Technology (TVT), Volume: 70, Issue: 4, April 2021.
•Z. Xu, T. Zhang, J. Keung, M. Yan, X. Luo, X. Zhang, L. Xu, and Y. Tang. "Feature Selection and Embedding Based Cross Project Framework for Identifying Crashing Fault Residence". Information and Software Technology (IST), Volume 131, March 2021
•L. Yu, X. Luo, J. Chen, H. Zhou, T. Zhang, H. Chang, and H. Leung, “PPChecker: Towards Accessing the Trustworthiness of Android Apps' Privacy Policies”, IEEE Transactions on Software Engineering (TSE), 47(2), Feb. 2021.
•Z. Xu, L. Li, M. Yan, J. Liu, X. Luo, J. Grundy, Y. Zhang, and X. Zhang, "A Comprehensive Comparative Study of Clustering-based Unsupervised Defect Prediction Models", Journal of Systems and Software (JSS), Volume 172, February 2021.
•Y. Huang, X. Hu, N. Jia, X. Chen, Z. Zheng, and X. Luo, "CommtPst: Deep Learning Source Code for Commenting Positions Prediction", Journal of Systems and Software (JSS), Volume 170, December 2020.
•Y. Huang, S. Huang, H. Chen, X. Chen, Z. Zheng, X. Luo, N. Jia, X. Hu, and X. Zhou, "Towards automatically generating block comments for code snippets", Information and Software Technology (IST), Volume 127, November 2020
•P. Xia,  H. Wang, B. Zhang, Ru Ji, B. Gao, L. Wu, X. Luo, and G. Xu, "Characterizing Cryptocurrency Exchange Scams",  Computers & Security (COSE), Volume 98, November 2020.
•X. Ma, B. An, M. Zhao, X. Luo, L. Xue, Z. Li, T. Miu, and X. Guan, “Randomized Security Patrolling for Link Flooding Attack Detection”, IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 17, Issue: 4, July-Aug. 1 2020.
•T. Chen, Z. Li, Y. Zhu, J. Chen, X. Luo, J. Lui, X. Lin, and X. Zhang, “Understanding Ethereum via Graph Analysis”, ACM Transactions on Internet Technology (TOIT), Volume 20, Issue 2, May 2020.
•Y. Shi, W. Wei, F. Zhang, X. Luo, Z. He, and H. Fan, “SDSRS: A Novel White-Box Cryptography Scheme for Securing Embedded Devices in IIoT”, IEEE Transactions on Industrial Informatics (TII), Volume: 16, Issue: 3, March 2020.
  •M. Fan, X. Luo, J. Liu, C. Nong, Q. Zheng, and T. Liu, “CTDroid: Leveraging a Corpus of Technical Blogs for Android Malware Analysis”, IEEE Transactions on Reliability (TR), Volume: 69, Issue: 1, March 2020.
•M. Alhanahnah, Q. Yan, H. Bagheri, H. Zhou, Y. Tsutano, W. Srisa-an, and X. Luo, "DINA: Detecting Hidden Android Inter-App Communication in Dynamic Loaded Code", IEEE Transactions on Information Forensics and Security (TIFS), Volume: 15, Feb. 2020.
•Z. Xu, S. Li, J. Xu, J. Liu, X. Luo, Y. Zhang, T. Zhang, Y. Tang, and J. Keung, “LDFR: Learning Deep Feature Representation for Software Defect Prediction”, Journal of Systems and Software  (JSS), Volume 158, December 2019.
•Y. Shi, W. Wei, H. Fan, M. Au, and X. Luo, “A Light-Weight White-Box Encryption Scheme for Securing Distributed Embedded Devices”, IEEE Transactions on Computers (TC), Volume 68, Number 10, October 2019.(Selected as the Featured Article of TC 2019 Oct. Issue)
  •Z. Xu, S. Li, X. Luo, J. Liu, T. Zhang, Y. Tang, J. Xu, and P. Yuan, "TSTSS: A Two-Stage Training Subset Selection Framework for Cross Version Defect Prediction", Elsevier Journal of Systems and Software  (JSS), Volume 154, August 2019.
•L. Xue, C. Qian, H. Zhou, X. Luo, Y. Zhou, Y. Shao, and A. Chan, "NDroid: Towards Tracking Information Flows Across Multiple Android Contexts", IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 14, Issue: 3, pp. 814–828, March 2019. Source Code
•Z. Xu, J. Liu, X. Luo, Z. Yang, Y. Zhang, P. Yuan, Y. Tang, and T. Zhang, “Software Defect Prediction Based on Kernel PCA and Weighted Extreme Learning Machine”, Elsevier Information and Software Technology (IST), Volume 106, pp. 182-200, February 2019.
  •H. Jiang, L. Nie, Z. Sun, Z. Ren, W. Kong, T. Zhang, and X. Luo, ROSF: Leveraging Information Retrieval and Supervised Learning for Recommending Code Snippets, IEEE Transactions on Services Computing (TSC), Volume: 12, Issue: 1, pp. 34 - 46, January - February 2019.
•L. Xue, X. Ma, X. Luo, E. Chan, T. Miu, and G. Gu, “LinkScope: Towards Detecting Target Link Flooding Attacks”, IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 13, Issue: 10, pp. 2423–2438, October 2018.
•L. Yu, X. Luo, C. Qian, S. Wang, and H. Leung, “Enhancing the Description-to-Behavior Fidelity in Android Apps with Privacy Policy”, IEEE Transactions on Software Engineering (TSE), Volume: 44, Issue: 9, pp. 834–854, Sept. 2018.
•M. Fan, J. Liu, X. Luo, K. Chen, T. Chen, Z. Tian, X. Zhang, Q. Zheng, and T. Liu, “Android Malware Familial Classification and Representative Sample Selection via Frequent Subgraph Analysis”, IEEE Transactions on Information Forensics and Security  (TIFS), Volume: 13, Issue: 8, pp. 1890–1905, August 2018.  Source Code
•C. Wang, T. Miu, X. Luo, and J. Wang, “SkyShield: A Sketch-based Defense System for Application Layer DDoS Attacks”, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 13, Issue: 3, pp. 559–573, March 2018.
•P. Zhang, J. Liu, F.  Yu, M. Sookhak, M. Au, and X. Luo, “A Survey on Access Control in Fog Computing”, IEEE Communications Magazine, Volume: 56, Issue: 2, pp. 144-149, February 2018.
•T. Zhang, J. Chen, X. Luo, and T. Li, "Bug Reports for Desktop Software and Mobile Apps in GitHub: What is the Difference?", IEEE Software, October 2017 (also appear at the Journal First Session of the 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME)).
•W. Chen, X. Luo, C. Yin, B. Xiao, M. Au, and Y. Tang, “CloudBot: Advanced Mobile Botnets using Ubiquitous Cloud Technologies”, Pervasive and Mobile Computing (PMC), Volume 41, 270-285, October 2017.
•L. Yu, T. Zhang, X. Luo, L. Xue, and H. Chang, Towards Automatically Generating Privacy Policy for Android Apps, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 12, Issue: 4, pp. 865–880, April 2017.
•X. Luo, H. Zhou, L. Yu, L. Xue, and Y. Xie, Characterizing mobile *-box applications, Computer Networks (COMNET), Volume 117, pp. 166-184, July 2016.
•T. Zhang, J. Chen, G. Yang, B. Lee, and X. Luo, Towards More Accurate Severity Prediction and Fixer Recommendation of Software Bugs, Journal of Systems and Software (JSS), Volume 117, pp. 166-184, July 2016.
•T. Zhang, H. Jiang, X. Luo, and A. Chan, A Literature Review of Research in Bug Resolution: Tasks, Challenges and Future Directions, The Computer Journal, Volume 59, Issue 5, pp. 741–773, May 2016.
•C. Qian, X. Luo, L. Yu, and G. Gu, VulHunter: Towards Discovering Vulnerabilities in Android Applications, IEEE Micro, Volume: 35, Issue: 1, pp. 44–53, Jan.-Feb. 2015.
•Y. Shao, X. Luo, and C. Qian, RootGuard: Protecting Rooted Android Phones, IEEE Computer, Volume: 47, Issue: 6, pp. 32–40, June 2014. (Among the top 10 downloaded articles from the IEEE Computer Society's Digital Library during 2014.)
•Y. Tang, X. Luo, Q. Hui, and R. Chang, Modeling the Vulnerability of Feedback-Control Based Internet Services to Low-Rate Dos Attacks, IEEE Transactions on Information Forensics and Security (TIFS), Volume: 9, Issue: 3, pp. 339-353, March 2014.
•J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, Building A Scalable System For Stealthy P2P-Botnet Detection, IEEE Transactions on Information Forensics and Security (TIFS) Volume: 9, Issue: 1, pp. 27-38, January 2014.
•Y. Liu, X. Luo, R. Chang, and J. Su, Characterizing Inter-Domain Rerouting by Betweenness Centrality after Disruptive Events, IEEE Journal on Selected Areas in Communications (JSAC), Volume: 31, Issue: 6, pp. 1147-1157, June 2013.
•X. Luo, E. Chan, P. Zhou, and R. Chang, Robust Network Covert Communications Based on TCP and Enumerative Combinatorics, in IEEE Transactions on Dependable and Secure Computing (TDSC), Volume: 9, Issue: 6, pp. 890-902, November-December 2012.