Lei Zhang

I am an Assistant Professor in the School of Computer Science at Fudan University. My research interests lie broadly in system security, with a focus on studying the vulnerabilities in open-source software. This includes vulnerability discovery and analysis, exploitation, and automatic fixes . To tackle these challenges, my work leverages a range of multidisciplinary techniques such as program analysis and fuzzing. Additionally, I am exploring the integration of large language models to enhance these methodologies.

To date, our team has discovered over 300 zero-day vulnerabilities with CVE IDs, and we have received acknowledgments from several prominent enterprises including Google, Alibaba, Ant Group, Huawei, Apache, Eclipse, Red Hat, and VMware.

In academia, my contributions to the field have been recognized with several awards, including the **Distinguished Paper Award at USENIX Security 2022** and the **Distinguished Paper Award at ACM FSE 2024** .

I am always on the lookout for motivated prospective students to join my research team. If you are interested in my work, please feel free to contact me at zxl@fudan.edu.cn with your CV.

Background

Publications (dblp)

The Dark Forest: Understanding Security Risks of Cross-Party Delegated Resources in Mobile App-in-App Ecosystems.

Zhang, Zhibo and Zhang, Lei and Yang, Guangliang and Chen, Yanjun and Xu, Jiahao and Yang, Min.

IEEE Transactions on Information Forensics and Security, vol. 19, pp. 5434-5448, 2024 (TIFS 2024), [PDF]
Component Security Ten Years Later: An Empirical Study of Cross-Layer Threats in Real-World Mobile Applications.

Keke Lian, Lei Zhang, Guangliang Yang, Shuo Mao, Xinjie Wang, Yuan Zhang, Min Yang.

The ACM on Software Engineering, FSE (FSE 2024) [Distinguished Paper Award] , [PDF]
Efficient Detection of Java Deserialization Gadget Chains via Bottom-up Gadget Search and Dataflow-aided Payload Construction.

Bofei Chen, Lei Zhang, Xinyou Huang, Yinzhi Cao, Keke Lian, Yuan Zhang, Min Yang.

The 45th IEEE Symposium on Security and Privacy (S&P 2024). [PDF]
NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic.

Peng Deng, Zhemin Yang, Lei Zhang, Guangliang Yang, Wenzheng Hong, Yuan Zhang, Min Yang.

The 30th ACM Conference on Computer and Communications Security(CCS), 2023. [PDF]
Identity Confusion in WebView-based Mobile App-in-app Ecosystems.

Lei Zhang, Zhibo Zhang, Ancong Liu, Yinzhi Cao, Xiaohan Zhang, Yanjun Chen, Yuan Zhang, Guangliang Yang, Min Yang.

USENIX Security Symposium 2022 [Distinguished Paper Award] . [PDF]
Exploit the Last Straw That Breaks Android Systems.

Lei Zhang, Keke Lian, Haoyu Xiao, Zhibo Zhang, Peng Liu, Yuan Zhang, Min Yang, Haixin Duan.

IEEE Security & Privacy, Oakland'22. [PDF]
TextExerciser: Feedback-driven Text Input Exercising for Android Applications.

Yuyu He, Lei Zhang, Zhemin Yang, Yinzhi Cao, Keke Lian, Shuai Li, Wei Yang, Zhibo Zhang, Min Yang, Yuan Zhang, and Haixin Duan.

IEEE Security & Privacy, Oakland'20,(Co-first author). [PDF]
App in the Middle: Demystify Application Virtualization in Android and its Security Threats.

Lei Zhang, Zhemin Yang, Yuyu He, Mingqi Li, Sen Yang, Min Yang, Yuan Zhang, and Zhiyun Qian.

Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS), SIGMETRICS'19, Phoenix, USA, June 24-28, 2019. [PDF]
Invetter: Locating Insecure Input Validations in Android Services.

Lei Zhang, Zhemin Yang, Yuyu He, Zhenyu Zhang, Zhiyun Qian, Geng Hong, Yuan Zhang, Min Yang.

In Proceedings of the 25th ACM Conference on Computer and Communications Security, CCS'18, Toronto, Canada, October 15-19, 2018. [PDF]
How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World.

Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan.

In Proceedings of the 25th ACM Conference on Computer and Communications Security, CCS'18, Toronto, Canada, October 15-19, 2018. [PDF]

Lei Zhang

Background

Publications (dblp)

Services