研究成果

SOftware SECURITY LAbORATORY

DEPT. of MIS, National Chengchi University

 

[DBLP] [Google Scholar]

Book

  1. Tevfik Bultan, Fang Yu, Muath Alkhalaf,  and Abdulbaki Aydin. “String analysis for Software Verification and Security.“ Publisher: Springer International Publishing. eBook ISBN 978-3-319-68670-7. DOI 10.1007/978-3-319-68670-7. Hardcover ISBN 978-3-319-68668-4. [Springer] [Amazon]

Book Chapter

  1. Fang Yu. “Investigating Security Mechanisms for ICT-enabled Services of the National Palace Museum," Managing Innovation and Cultural Management in the Digital Era: The Case of the National Palace Museum. Edited by R. H. Tsaih and T.S. Han, Routledge. 2016. [Book:Chapter 10]

Papers in Referred Journals

  1. Shih-Yi Chien, Chen-Chun Yang, and Fang Yu. “XFlag: Explainable Fake News Detection on Social Media.“ Accepted to be published in International Journal of Human-Computer Interaction (IJHCI). SCI IF: 3.353. 2022.

  2. Fang Yu, Yat-Wah Wan, Rua-Huan Tsaih. “Quantitative Quality Estimation of Cloud-based Streaming Services.“ Computer Communications. (SCI, IF:3.338), vol 125, pp. 24-37, 2018.  [elsevier][doi]. 

  3. Fang Yu*, Steven Tai, Wei-Shao Tang, and Wei-Ren Wang. “AppBeach: A Static Behavior Checker for iOS Mobile Applications.“ Communications of the CCISA, vol 21 (2),pp. 41-50, 2015. [airiti]

  4. Shin-Ying Huang, Rua-Huan Tsaih, and Fang Yu. “Topological Pattern Discovery and Feature Extraction for Fraudulent Financial Reporting.” Expert Systems with Applications (SCI), vol. 41(9), 2014. [elsevier]

  5. Fang Yu*, Muath Alkhalaf, Tevfik Bultan, Oscar H. Ibarra. “Automata-based Symbolic String Analysis for Vulnerability Detection.” International Journal of Formal Methods in System Design (SCI), vol. 44 (1), pp. 44-70, 2014. [springer]

  6. Gaiyun Liu, Daniel Y. Chao, Fang Yu*. “Control Policy for a Subclass of Petri Nets without Reachability Analysis.” IET Control Theory and Applications (SCI), vol. 7 (8), pp. 1131-1141, 2013. [ietcta]

  7. Daniel Y. Chao, Jiun-Ting Chen, Fang Yu. “A Novel Liveness Condition for S3PGR2.” SAGE Transactions of the Institute of Measurement and Control  (SCI), vol. 35 (2), pp. 131-137, 2013. [doi]

  8. Fang Yu*, Shun-Ching Yang, Farn Wang, Guan-Cheng Chen, and Che-Chang Chan. “Symbolic Consistency Checking of OpenMP Parallel Programs.“ ACM SIGPLAN Notices (SCI), Vol. 47(5), 2012. [acm]

  9. Fang Yu*, Tevfik Bultan, Oscar H. Ibarra. “Relational String Verification Using Multi-track Automata.” International Journal of Foundations of Computer Science (IJFCS) (SCI), vol. 22 (8), pp. 1909-1924, 2011. [doi]

  10. Oscar H. Ibarra, Sara Woodworth, Fang Yu, Andri Paun, "On Spiking Neural P Systems and Partially Blind Counter Machines.” Natural Computing. (SCI), vol 7(1), pp. 3-19, Springer Netherlands, 2008. [doi]

  11. Fang Yu* and Bow-Yaw Wang, "SAT-based Model Checking for Region Automata," Proc. of the International Journal of Foundations of Computer Science (IJFCS) (SCI), vol. 17 (4), pp. 775-796, August 2006. [pdf]

  12. Farn Wang, Geng-Dian Huang, Fang Yu, "TCTL Inevitability Analysis of Dense-time Systems: from Theory to Engineering,"  IEEE Transactions on Software Engineering (IEEE TSE) (SCI). vol. 32 (7), pp. 510-526. July 2006. ISSN: 0098-5589 2006. [cdlib]

  13. Farn Wang, Geng-Dian Huang, Fang Yu. "Symbolic Simulation of Industrial Real-Time and Embedded Systems - Experiments with the Bluetooth baseband communication protocol." Proc. of the First Issue of the Journal of Embedded Computing (JEC), vol. 1 (1), pp. 39-56, Cambridge International Science Publishing, 2005. [pdf]

  14. Farn Wang, K. Schmidt, Fang Yu, Geng-Dian Huang, Bow-Yaw Wang. "BDD-based Safety Analysis of Concurrent Software with Pointer Data Structures using Graph Automorphism Symmetry Reduction." IEEE Transactions on Software Engineering (IEEE TSE) (SCI). vol. 30 (6), pp. 403-417, 2004. [pdf]

Papers at Referred Conferences

  1. Cheng-Yao Guo and Fang Yu. “POSTER: On searching information leakage of Python model execution to detect adversarial examples,” Accepted as a poster paper in Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security (ACM AsiaCCS 2023).  Melbourne, Australia. July 10-14, 2023.

  2. Yi-Ching Lin and Fang Yu. “DeepSHAP Summary for Adversarial Example Detection,” Accepted by the 2023 IEEE/ACM International Workshop on Deep Learning for Testing and Testing for Deep Learning co-located with the 45th International Conference on Software Engineering (DeepTest@ICSE2023). Melbourne, Australia. May 14-20, 2023.

  3. Wei-Lun Tsai, Wei-Cheng Wu, Di-De Yen, Fang Yu, Yu-Fang Chen. “PyCT: A Python Concolic Tester,” Accepted by the 19th Asian Symposium on Programming Languages and Systems (APLAS 2021), Chicago, Illinois, United States. Oct. 17-22, 2021.

  4. Wei-Ting Lin, Shun-Wen Hsiao and Fang Yu. “Runtime Hook on Block Chain and Smart Contract Systems.” Accepted by the Eighth International Workshop on Security in Blockchain and Cloud Computing in conjunction with the 15th ACM Asia Conference on Computer and Communications Security (SBC@ASIACCS 2020), Taipei, Taiwan. June 1-5, 2020.

  5. Min-Hao Peng, Fang Yu and Jie-Hong Roland Jiang. “Symbolic Gas Vulnerability Detection and Attack Synrthesis.” In Proc. of the AIS 2020 Pacific Asia Conference on Information Systems (PACIS 2020), PACIS 2020 Proceedings. 107.

  6. Yun-Chieh Tien, Chen-Min Hsu, and Fang Yu. “HiSeqGAN: Hierarchical Sequence Synthesis and Prediction.” In Proc. of the 28th International Conference on Artificial Neural Networks (ICANN 2019), Munich, Germany. Sep 17-19, 2019. LNCS vol. 11728, pp. 621-638.

  7. Chi-Feng Liu, Shun-Wen Hsiao, and Fang Yu. “Malware Family Characterization with Recurrent Neural Network and GHSOM using System Calls.” In Proc. of the 10th IEEE International Conference on Cloud Computing Technology and Science (IEEE CloudCom 2018), Nicosia, Cyprus. Dec. 10-13, 2018. (short paper).

  8. Abdulbaki Aydin, William Eiers, Lucas Bang, Tegan Brennan, Miroslav Gavrilov, Tevfik Bultan and Fang Yu. “Parameterized Model Counting for String and Numeric Constraints.” In Proc. of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018), Lake Buena Vista, Florida, November 4-9, 2018.

  9. Hung-En Wang, Shih-Yu Chen, Fang Yu, Jie-Hong R. Jiang. “A Symbolic Model Checking Approach to the Analysis of String and Length Constraints.” Accepted by  the 33rd ACM/IEEE International Conference on Automated Software Engineering (ASE 2018), Montpellier, France, Sep 3-7, 2018.

  10. TengYung Lin, Hao-Chun Howard Chuang, Fang Yu. “Tracking Supply Chain Process Variability with Unsupervised Cluster Traversal.” Accepted by The Fourth IEEE International Conference on Big Data Intelligence and Computing (DataCom 2018), Athens, Greece, August 12-15, 2018.

  11. Chia-Run Lee, Shun-Wen Hsiao, and Fang Yu. “Biparti Majority Learning with Tensors.” Accepted by the IEEE International Congress on Big Data (IEEE BigData Congress 2018), San Francisco, USA, July 2-7, 2018. (work-in-progress track)

  12. Chun-Han Lin, Fang Yu, Jie-Hong Jiang, and Tevfik Bultan. “Static API Call Vulnerability Detection in iOS applications.” Pre accepted by the 40th International Conference on Software Engineering (ICSE’18), Gothenburg, Sweden, May 27 - 3 June 2018. (poster track)

  13. Shin-Ying Huang, Ya-Yun Peng and Fang Yu. “A Parallel Majority Learning Algorithm for Anomaly Detection.” Accepted by The 3rd IEEE International Conference on Big Data Intelligence and Computing (IEEE DataCom’17). Orlando, Florida, USA, November 6-10, 2017. (poster paper)

  14. Chui-Hui Chiu, Jin-Jie Chen and Fang Yu. “An Effective Distributed GHSOM Algorithm for Unsupervised Clustering on Big Data.” Accepted by the 6th IEEE International Congress on Big Data (IEEE BigData’17), June 25 - June 30, 2017, Honolulu, Hawaii, USA. (application track)

  15. Chun-Chi Hsu, Yuan-Ting Fang and Fang Yu. “Content-sensitive Data Compression for IoT Streaming Services.” Accepted by the 2nd IEEE International Congress on Internet of Things (IEEE ICIOT’17), June 25 - June 30, 2017, Honolulu, Hawaii, USA. (short paper track)

  16. Chiao-Yi Cheng, Yao-Hung Lin and Fang Yu. “Adaptive Social Network Services: The Practice of 9EMBA.com.” Accepted by the 1st IEEE International Conference on Edge Computing (IEEE EDGE’17), June 25 - June 30, 2017, Honolulu, Hawaii, USA. (short paper track)

  17. Fang Yu, Ching-Yuan Shueh, Chun-Han Lin,Yu-Fang Chen, Bow-Yaw Wang, and Tevfik Bultan. “Optimal Sanitization Synthesis for Web Application Vulnerability Repair.” Accepted by ACM SIGSOFT the 2016 International Symposium on Software Testing and Analysis (ISSTA’16), Saarbruken, Germany, July 2016. (accepting rate 25%, 37/147).

  18. Hung-En Wang, Tzung-Lin Tsai, Chun-Han Lin, Fang Yu and Jie-Hong Jiang. “String Analysis via Automata Manipulation with Logic Circuit Representation.” Accepted by the 28th International Conference on Computer Aided Verification (CAV’16), Toronto, CA, July 2016. (accepting rate 27.8%, 46/165).

  19. Jin-jie Chen and Fang Yu. “Gnafuy: A Framework for Ubiquitous Mobile Computation.” Accepted by the 9th IEEE International Conference on Cloud Computing (IEEE CLOUD’16), San Francisco, CA, June 2016. (short paper).

  20. Zih-Ruei Fang, Shu-Wei Huang, and Fang Yu. “AppReco: Behavior-aware Recommendation for iOS Mobile Applications.” Accepted by the 23rd IEEE International Conference on Web Services (IEEE ICWS’16), San Francisco, CA, June 2016. (accepting rate 26% of applications track).

  21. Hsuan-Kai Chu, Wan-Ping Chen, and Fang Yu. “Simulating Time-Varying Demand Services with Queuing Models.” Accepted by the 13th IEEE International Conference on Services Computing (IEEE SCC’16), San Francisco, CA, June 2016. (accepting rate 27% of applications track).

  22. Yen-Han Li, Yue-Ruey Tzeng, Fang Yu. “VISO: Characterizing Malicious Behaviors of Virtual Machines With Unsupervised Clustering.” In Proceedings of IEEE the 7th International Conference on Cloud Computing Technology and Science (IEEE CloudCom’15), Vancouver, CA, 2015. (accepting rate 25.4%, 48/189).

  23. Shin-Ying Huang, Fang Yu, Rua-Huan Tsaih, Yennun Huang. “Network-Traffic Anomaly Detection with Incremental Majority Learning.“ In Proceedings of the IEEE 2015 International Joint Conference on Neural Networks (IJCNN 2015), Ireland, 2015.

  24. Chun-Han Lin, Pei-Yu Sun and Fang Yu. “Space Connection: A New 3D Tele-Immersion Platform for Web-based Gesture-collaborative Games and Services.“ In Proceedings of the Fourth International Workshop on Games and Software Engineering (GAS 2015), associated with ACM/IEEE International Conference on Software Engineering (ICSE), Florence, Italy, May 2015.

  25. Shin-Ying Huang, Fang Yu, Rua-Huan Tsaih, Yennun Huang. “Resistant Learning on the Envelope Bulk for Identifying Anomalous Patterns.Accepted by the IEEE 2014 World Congress on Computational Intelligence - International Joint Conference on Neural Networks (WCCI-IJCNN 2014), Beijing, 2014.

  26. Fang Yu and Yi-Yang Tung. “Patcher: An Online Service for Detecting, Viewing and Patching Web Application Vulnerabilities.” In Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS 47). Big Island, U.S., Jan. 2014. (Best paper award)

  27. Sheng-Wei Lee and Fang Yu. “Securing KVM-based Cloud Systems via Virtualization Introspection.” In Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS 47). Big Island, U.S., Jan. 2014. (Best paper nomination)

  28. Wenhui Wu, Daniel Yuh Chao, Fang Yu. “A Control Policy for $gamma$-Nets without Reachability Analysis and Siphon Enumeration.” In Proceedings of the 9th IEEE International Conference on Automation Science and Engineering (CASE 2013). Wisconsin, U.S., Aug. 2013.

  29. Fang Yu, Shin-Ying Huang, Li-Chin Chiou, Rua-Huan Tsaih. “Clustering iOS Executable Using Self-Organizing Maps.“ Proceedings of by the 2013 International Joint Conference on Neural Networks (IJCNN 2013), Dallas, U.S., Aug. 2013.

  30. Fang Yu, Yuan-Chieh Lee, Steven Tai, and Wei-Shao Tang. “AppBeach: Characterizing App Behaviors via Static Binary Analysis.“ Proceedings of by the IEEE 2nd International Conference on Mobile Services (MS 2013), Santa Clara, U.S., June 2013.

  31. Fang Yu, Yat-Wah Wan, Rua-Huan Tsaih. “Quantitative Analysis of Cloud-based Streaming Services.“ Proceedings of the IEEE 10th International Conference on Services Computing (SCC 2013), Santa Clara, U.S., June 2013.

  32. Fang Yu, Tim Chen, Kai-Chung Hsiao, Hsun-Yao Chen, Yuan-Chieh Lee, Hao-Wen Sheng. “Innovation on Localized Information Exchange: the Services and their Implementation.“ Proceedings of the 2012 International Conference on Innovation Studies (IS 2012), Taipei, Taiwan, Dec. 2012.

  33. Shin-Ying Huang, Rua-Huan Tsaih, and Fang Yu. “The Dual Approach for Decision Making.“ Proceedings of the 43rd Decision Science Institute Annual Meeting Conference (DSI 2012), San Francisco, U.S., Nov. 2012.

  34. Daniel Y. Chao, Hung-Yi Chen and Fang Yu. “Enumeration of Reachable and Other States of Simple Version of Systems of Simple Sequential Processes with Resources  (S3PR).“ Proceedings of the 21th  IEEE International Symposium on Industrial Electronics (ISIE 2012), Hangzhou, China, May 2012.

  35. Daniel Y. Chao and Fang Yu. “Number of Reachable States for Simple Classes of Petri Nets.” Proceedings of the 37th  Annual Conference of the IEEE Industrial Electronics Society (IECON 2011), Melbourne, Australia, Nov. 2011. [ieeeexplore]

  36. Farn Wang, Chung-Hao Huang, Fang Yu. “A Temporal Logic for the Interaction of Strategies.” Proceedings of the 22nd International Conference on Concurrency Theory (CONCUR 2011), LNCS, Aachen, Germany, Sep. 2011. [acmdl]

  37. Fang Yu, Tevfik Bultan, Ben Hardkopf. “String Abstractions for String Verification.” In the Proceedings of the 18th International Symposium on Model Checking Software(SPIN 2011), LNCS, Snowbird, Utah, U.S., July 2011. [pdf]

  38. Fang Yu, Muath Alkhalaf, Tevfik Bultan. “Patching Vulnerabilities with Sanitization Synthesis.” In the Proceedings of the 33th International Conference on Software Engineering (ICSE 2011), Honolulu, U.S., May 2011. [acmdl] [pdf]

  39. Fang Yu, Tevfik Bultan, Oscar H. Ibarra. “Relational String Verification Using Multi-track Automata.” In the Proceedings of the 15th International Conference on Implementation and Application of Automata (CIAA 2010), LNCS, Winnipeg, Canada, Aug. 2010. [acmdl] [pdf]

  40. Tevfik Bultan, Fang Yu, Aysu Betin Can. “Modular Verification of Symchronization with Reentrant Locks.” In the Proceedings of the 8th International Conference on Formal Methods and Models for Codesign (MEMOCODE 2010), Grenoble, France, July 2010. [ieeeexplore] [pdf]

  41. Fang Yu, Muath Alkhalaf, Tevfik Bultan. “Stranger: An Automata-based String Analysis Tool for PHP.” Tool paper. In the Proceedings of the 16th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2010), Paphos, Cyprus, Mar. 2010. [pdf]

  42. Fang Yu, Muath Alkhalaf, Tevfik Bultan. “Generating Vulnerability Signatures for String Manipulating Programs Using Automata-based Forward and Backward Symbolic Analyses.” Short paper. In Proceedings of the 24th IEEE/ACM International Conference on Automated Software Engineering (ASE 2009), Auckland, NZ, Nov. 2009. [pdf] [poster]

  43. Fang Yu, Tevfik Bultan, and Oscar H. Ibarra. "Symbolic String Verification: Combining String Analysis and Size Analysis," In Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2009), York, U.K., Mar. 2009. [pdf] [slide]

  44. Fang Yu, Chao Wang, Aarti Gupta, and Tevfik Bultan. "Modular Verification of Web Services Using Efficient Symbolic Encoding and Summarization." In Proceedings of the 16th ACM SIGSOFT Symposium on Foundations of Software Engineering (FSE2008), Atlanta, GA, Nov. 2008. [doi] [slide]

  45. Fang Yu, Tevfik Bultan, Marco Cova, Oscar H. Ibarra. "Symbolic String Verification: An Automata-based Approach," In Proceedings of the 15th International SPIN Workshop on Model Checking of Software (SPIN 2008), Los Angeles, CA, August 2008.[pdf] [slide]

  46. Fang Yu, Tevfik Bultan, Erik Peterson, "Automated Size Analysis for OCL," In Proceedings of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2007). pp. 331-340, Dubrovnik, Croatia, Sep. 2007. [pdf] [slide]

  47. Oscar H. Ibarra, Sara Woodworth, Fang Yu, Andri Paun. "On Spiking Neural P Systems and Partially Blind Counter Machines," In Proceedings of the 5th International Conference on Unconventional Computation (UC 2006), York, U.K., Sep. 2006.

  48. Fang Yu, Chung-Hung Tsai, Yao-Wen Huang, Hung-Yau Lin, Der-Tsai Lee. and Sy-Yen Kuo. "Efficient Exact Spare Allocation via Boolean Satisfiability," In Proceedings of the 20th IEEE International Symposium of Defect and Fault Tolerance in VLSI Systems (DFT 2005), pp. 361-370, Montery, CA, Oct. 2005. [pdf] [ppt]

  49. Fang Yu and Bow-Yaw Wang. "Toward Unbounded Model Checking for Region Automata." In Proceedings of the 2nd International Symposium on Automated Technology for Verification and Analysis (ATVA 2004), LNCS 3299, pp. 20-33, Taipei, Taiwan, November 2004.[pdf] [ppt]

  50. Fang Yu, Bow-Yaw Wang and Yaw-Wen Huang. "Bounded Model Checking for Region Automata." In Proceedings of the Joint Conference on Formal Modelling and Analysis of Timed Systems and Formal Techniques in Real-Time and Fault Tolerant System (FORMATS-FTRTFT 2004), LNCS 3253, pages 246-262, Grenoble, France, Sep. 2004. [pdf] [ppt]

  51. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo. "Verifying Web Applications Using Bounded Model Checking." In Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN 2004), pages 199-208, Florence, Italy, Jun 28-Jul 1, 2004. [pdf] [ppt]

  52. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo. "Securing Web Application Code by Static Analysis and Runtime Protection." In Proceedings of the 13th International World Wide Web Conference (WWW 2004), pages 40-52, New York, US, May 2004. [pdf] [ppt] (Best Paper Nominee)

  53. Farn Wang, Geng-Dian Huang, and Fang Yu. "Numerical Coverage Estimation for the Symbolic Simulation of Real-Time Systems." In: Proceedings of the 23rd IFIP International Conference on Formal Techniques for Networked and Distributed Systems (FORTE 03), LNCS 2767, October 2003.

  54. Farn Wang, Geng-Dian Huang, and Fang Yu. "TCTL Inevitability Analysis of Dense-time Systems." In Proceedings of the 8th International Conference on Implementation and Application of Automata (CIAA 03), LNCS 2759, July 2003.

  55. Farn Wang and Fang Yu. "OVL Assertion Checking of Embedded Software with Dense-Time Semantics." In Proceedings of the 9th International Conference on Real-Time and Embedded Computing Systems and Applications (RTCSA 2003), LNCS 2968, Taipei, Taiwan, Feb. 2003.

  56. Farn Wang, Geng-Dian Huang, and Fang Yu. "Symbolic Simulation of Real-Time Concurrent Systems." In Proceedings of the 9th International Conference on Real-Time and Embedded Computing Systems and Applications (RTCSA 2003), LNCS 2968, Taipei, Taiwan, Feb. 2003.

Patent

  1. "Modular Verification of Web Services Using Efficient Symbolic Encoding and Summarization," with Chao Wang and Aarti Gupta. US Patent. Application number: 12/395,955, Publication number: US 2009/0222249 A1, Filing date: Mar 2, 2009 [USPTO]

  2. "System and Method for Securing Web Application Code and Verifying Correctness of Software," with Yao-Wen Huang, Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, Sy-Yen Kuo. US Patent. Application number: 12/850,817, Publication number: US 2011/0197180 A1, Filing date: Aug 5, 2010 [USPTO]