The documents listed below have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

Refereed Papers (Google Scholar)

2024
  • Donapi: Malicious NPM Packages Detector using Behavior Sequence Knowledge Mapping
    Cheng Huang, Nannan Wang*, Ziyan Wang, Siqi Sun, Lingzi Li, Junren Chen, Qianchong Zhao, Jiaxuan Han, Zhen Yang and Lei Shi
    The 33rd USENIX Security Symposium (USENIX Security '24), 2024
    C DOI Demo PDF CCF A

  • Automated Discovery and Mapping ATT&CK Tactics and Techniques for Unstructured Cyber Threat Intelligence
    Lingzi Li, Cheng Huang*, Junren Chen
    Computers & Security, 2024
    J DOI Code Data PDF CCF B

  • VioDroid-Finder: Automated Evaluation of Compliance and Consistency for Android Apps
    Junren Chen, Cheng Huang*, Jiaxuan Han
    Empirical Software Engineering, 2024
    J DOI Code Data PDF CCF B

  • 基于目标识别与主题引导对话的黑灰产威胁情报挖掘
    罗双春, 黄诚*, 孙恩博
    信息安全学报, 2023.
    J DOI PDF CCF B

  • CyberEA: An Efficient Entity Alignment Framework for Cybersecurity Knowledge Graph
    Yue Huang, Yongyan Guo, Cheng Huang*
    The 19th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2023), 2023
    C CCF C

2023
  • APTBert: Abstract Generation and Event Extraction from APT Reports
    Chenxin Zhou, Cheng Huang*, Zheng Zuo
    The 14th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C 2023), 2023
    C CCF C

  • An Empirical Study of Malicious Code In PyPI Ecosystem
    Wenbo Guo, Zhengzi Xu*, Chengwei Liu, Cheng Huang, Yong Fang*, Yang Liu
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023), 2023:166-177
    C DOI CCF A

  • SecTKG: A Knowledge Graph for Open Source Security Tools
    Siqi Sun, Cheng Huang*, Tiejun Wu and Yi Shen
    International Journal of Intelligent Systems, 2023
    J DOI Code PDF Q1

  • A Framework for Threat Intelligence Extraction and Fusion
    Yongyan Guo, Zhengyu Liu, Cheng Huang*, Nannan Wang, Hai Min, Wenbo Guo and Jiayong Liu
    Computers & Security, 2023(132), 103371
    J DOI CCF B

  • Unveiling Cybersecurity Threats from Online Chat Groups: A Triple Extraction Approach
    Zhen Yang, Cheng Huang*, and Jiayong Liu
    The 16th International Conference on Knowledge Science, Engineering and Management (KSEM 2023). 2023
    C DOI CCF C

  • bjXnet: an improved bug localization model based on code property graph and attention mechanism
    Jiaxuan Han, Cheng Huang*, Siqi Sun, Zhonglin Liu and Jiayong Liu
    Automated Software Engineering, 2023(30), 12
    J DOI CCF B

  • Coreference Resolution for Cybersecurity Entity: Towards Explicit, Comprehensive Cybersecurity Knowledge Graph with Low Redundancy
    Zhengyu Liu, Haochen Su, Nannan Wang, Cheng Huang*
    The 18th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2022), Springer, Cham, 2023:89-108
    C DOI Code CCF C

  • VULDEFF: Vulnerability Detection Method Based on Function Fingerprints and Code Differences
    Qianchong Zhao, Cheng Huang*, and Liuhu Dai
    Knowledge-based Systems, 2023(260), 110139
    J DOI Data JCR Q1

  • MFXSS: An effective XSS vulnerability detection method in JavaScript based on multi-feature model
    Zhonglin Liu, Yong Fang, Cheng Huang*, Yijia Xu
    Computers & Security, 2023(124), 103015
    J DOI CCF B

  • ExpSeeker: Extract Public Exploit Code Information from Social Media
    Yutong Du, Cheng Huang*, Genpei Liang, Zhihao Fu, Dunhan Li, Yong Ding
    Applied Intelligence, 2023(53), 15772–15786
    J DOI JCR Q1

2022
  • CSCD: A Cyber Security Community Detection Scheme on Online Social Networks
    Yutong Zeng, Honghao Yu, Tiejun Wu, Yong Chen, Xing Lan, and Cheng Huang*
    The 13th EAI International Conference on Digital Forensics & Cyber Crime (ICDF2C 2022), 2022
    C DOI CCF C

  • Viopolicy-Detector: An Automated Approach to Detecting GDPR Compliance Violations in Websites
    Haoran Ou, Yong Fang, Wenbo Guo, Yongyan Guo, Cheng Huang*
    The 25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2022), 2022:409–430
    C DOI CCF B

  • HyVulDect: A Hybrid Semantic Vulnerability Mining System Based on Graph Neural Network
    Wenbo Guo, Yong Fang, Cheng Huang*, Haoran Ou, Chun Lin, Yongyan Guo
    Computers & Security, 2022(121), 102823
    J DOI CCF B

  • WAIN: Automatic Web Application Identification and Naming Method
    Yuqiang Sun, Dunhan Li, Yixin Wu, Xuelin Wan, Cheng Huang*
    In 13th Asia-Pacific Symposium on Internetware (Internetware 2022). Association for Computing Machinery, New York, NY, USA, 37–44. 2022
    C DOI CCF C

  • Spotlight on Video Piracy Websites: Familial Analysis Based on Multidimensional Feature
    Chenlin Wang, Yonghao Yu, Ao Pu, Fan Shi*, Cheng Huang
    The 15th International Conference on Knowledge Science, Engineering and Management (KSEM 2022), Lecture Notes in Computer Science, vol 13370. Springer, Cham. 2022
    C DOI CCF C

  • JStrong: Malicious JavaScript Detection Based on Code Semantic Representation and Graph Neural Network
    Yong Fang, Chaoyi Huang, Minchuan Zeng, Zhiying Zhao, Cheng Huang*
    Computers & Security, 2022(118),102715
    J DOI CCF B

  • GraphXSS: An Efficient XSS Payload Detection Approach Based on Graph Convolutional Network
    Zhonglin Liu, Yong Fang, Cheng Huang*, Jiaxuan Han
    Computers & Security, 2022(114):102597
    J DOI CCF B

  • GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm
    Zhonglin Liu, Yong Fang, Cheng Huang*, Yijia Xu
    Security and Communication Networks, 2022:2031924
    J DOI PDF CCF C

  • HGHAN: Hacker group identification based on heterogeneous graph attention network
    Yijia Xu, Yong Fang, Cheng Huang*, Zhonglin Liu
    Information Sciences, 2022(612):848-863.
    J DOI JCR 1

  • LMTracker: Lateral Movement Path Detection based on Heterogeneous Graph Embedding
    Yong Fang, Congshuang Wang, Zhiyang Fang, Cheng Huang*
    Neurocomputing, 2022(474):37-47.
    J DOI JCR 2

  • 面向项目版本差异性的漏洞识别技术研究
    黄诚, 孙明旭*, 段仁语, 吴苏晟, 陈斌
    网络与信息安全学报, 2022, 8(1):52-62.
    J DOI PDF CCF C

  • 源代码漏洞静态分析技术
    刘嘉勇, 韩家璇, 黄诚*
    信息安全学报, 2022,7(4):100-113.
    J DOI PDF CCF B

2021
  • No Pie in The Sky: The Digital Currency Fraud Website Detection
    Haoran Ou, Yongyan Guo, Chaoyi Huang, Zhiying Zhao, Wenbo Guo, Yong Fang, Cheng Huang*
    International Conference on Digital Forensics & Cyber Crime (ICDF2C), 2021.
    C DOI CCF C

  • CyberRel: Joint Entity and Relation Extraction for Cybersecurity Concepts
    Yongyan Guo, Zhengyu Liu, Cheng Huang*, Jiayong Liu, Wangyuan Jing, Ziwang Wang, Yanghao Wang
    International Conference on Information and Communications Security (ICICS), Springer, Cham, 2021:447-463.
    C DOI PDF Best Student Paper CCF C

  • Malicious Packages Lurking in User-Friendly Python Package Index
    Genpei Liang, Xiangyu Zhou, Qingyu Wang, Yutong Du, Cheng Huang*
    IEEE International Conference on Trust, Security and Privacy in Computing and Communications(TrustCom), Shenyang, China, 2021:606-613.
    C DOI CCF C

  • DeepVuler: A Vulnerability Intelligence Mining System for Open-Source Communities
    Susheng Wu, Bin Chen, MingXu Sun, Renyu Duan, Qixiang Zhang, Cheng Huang*
    IEEE International Conference on Trust, Security and Privacy in Computing and Communications(TrustCom), Shengyang, China, 2021:598-605.
    C DOI Data CCF C

  • HackerRank: Identifying key hackers in underground forums
    Cheng Huang, Yongyan Guo*, Wenbo Guo, Ying Li
    International Journal of Distributed Sensor Networks, 2021, 17(5):15501477211015145.
    J DOI PDF

  • Effective method for detecting malicious PowerShell scripts based on hybrid features
    Yong Fang, Xiangyu Zhou, Cheng Huang*
    Neurocomputing, 2021(448):30-39.
    J DOI Data JCR 2

  • NEDetector: Automatically Extracting Cybersecurity Neologisms from Hacker Forums
    Ying Li, Jiaxing Cheng, Cheng Huang*, etc.
    Journal of Information Security and Applications, 2021(58):102784.
    J DOI CCF C

  • ExSense: Extract Sensitive Information from Unstructured Data
    Yongyan Guo, Jiayong Liu, Wenwu Tang and Cheng Huang*
    Computers & Security, 2021(102):102156.
    J DOI PDF CCF B

  • CyberEyes: Cybersecurity Entity Recognition Model Based on Graph Convolutional Network
    Yong Fang, Yuchi Zhang,Cheng Huang*
    The Computer Journal, 2021, 64(8): 1215-1225.
    J DOI PDF CCF B

2020
  • Detecting Web Spam Based on Novel Features from Web Page Source Code
    Jiayong Liu, Yu Su, Shun Lv and Cheng Huang*
    Security and Communication Networks, 2020:6662166.
    J DOI CCF C

  • GroupTracer: Automatic Attacker TTP Profile Extraction and Group Cluster in Internet of Things
    Yixin Wu, Cheng Huang*, Xing Zhang and Hongyi Zhou
    Security and Communication Networks, 2020:8842539.
    J DOI PDF CCF C

  • Detecting DNS tunnels using session behavior and random forest method
    Yang Zhao, Hongzhi Ye, Lingzi Li, Cheng Huang, Zhang Tao*
    IEEE Fifth International Conference on Data Science in Cyberspace (DSC), IEEE, 2020: 45-52.
    C DOI

  • Detecting Cyber Threat Event from Twitter Using IDCNN and BiLSTM
    Yong Fang, Jian Gao, Zhonglin Liu*, Cheng Huang
    Applied Sciences, 2020, 10(17), 5922.
    J DOI Data PDF JCR 3

  • Covert Timing Channel Detection Method Based on Time Interval and Payload Length Analysis
    Jiaxuan Han, Cheng Huang, Fan Shi, Jiayong Liu*
    Computers & Security, 2020(97), 101952.
    J DOI CCF B

  • XSS Guardian: A Static XSS Detector Based on Data Stream Input-Output Association Mining
    Chenghao Li†, Yiding Wang†, Changwei Miao† and Cheng Huang*
    Applied Sciences, 2020, 10(14), 4740.
    J DOI PDF Data JCR 3

  • EmailDetective: An Email Authorship Identification and Verification Model
    Yong Fang, Yue Yang, Cheng Huang*
    The Computer Journal, 2020, 63(11):1775-1787.
    J DOI Data CCF B

  • Providing Email Privacy by Preventing Webmail from Loading Malicious XSS Payloads
    Yong Fang, Yijia Xu, Peng Jia and Cheng Huang*
    Applied Sciences, 2020, 10(13), 4425.
    J DOI PDF JCR 3

  • MeLAD: an integrated resource for metalloenzyme-ligand associations
    Gen Li†, Yu Su†, Yu-Hang Yan, Jia-Yi Peng, etc., Cheng Huang*, Guo-Bo Li*
    Bioinformatics, 2020 36(3): 904-909.
    J DOI Tool JCR 2

  • Detecting Malicious JavaScript Code Based on Semantic Analysis
    Yong Fang, Cheng Huang*, Yu Su, Yaoyao Qiu
    Computers & Security, 2020(93):101764
    J DOI CCF B

  • FastEmbed: Predicting vulnerability exploitation possibility based on ensemble machine learning algorithm
    Yong Fang, Yongcheng Liu, Cheng Huang*, Liang Liu
    PLoS One, 2020, 15(2): e0228439.
    J DOI PDF Data JCR 3

2019
  • Session-based Webshell Detection using Machine Learning in Web Logs
    Yixin Wu, Yuqiang Sun, Cheng Huang*, Peng Jia, and Luping Liu
    Security and Communication Networks, 2019, 3093809.
    J DOI PDF CCF C

  • Automatic Identification of Honeypot Server Using Machine Learning Techniques
    Cheng Huang, Jiaxuan Han, Xing Zhang, and Jiayong Liu*
    Security and Communication Networks, 2019, 2627608.
    J DOI PDF CCF C

  • Credit Card Fraud Detection Based on Machine Learning
    Yong Fang, Yunyun Zhang, Cheng Huang*
    Computers, Materials and Continua, 2019 61(1): 185-195.
    J DOI PDF JCR 4

  • Self Multi-Head Attention-based Convolutional Neural Networks for fake news detection
    Yong Fang, Jian Gao, Cheng Huang*, Hua Peng, Runpu Wu
    PloS One, 2019 14(9):e0222713.
    J DOI PDF Data JCR 3

  • TAP: A static analysis model for PHP vulnerabilities based on token and deep learning technology
    Yong Fang, Shenjun Han, Cheng Huang*, Runpu Wu
    PloS One, 2019 14(11):e0225196.
    J DOI PDF Data JCR 3

  • Phishing Email Detection Using Improved RCNN Model With Multilevel Vectors and Attention Mechanism
    Yong Fang, Cheng Zhang, Cheng Huang*, Liang Liu, Yue Yang
    IEEE Access, 2019(7): 56329-56340.
    J DOI PDF JCR 2

  • Analyzing and Identifying Data Breaches in Underground Forums
    Yong Fang, Yusong Guo, Cheng Huang*, Liang Liu
    IEEE Access, 2019(7):48770-48777.
    J DOI PDF JCR 3

  • RLXSS: Optimizing XSS Detection Model to Defend Against Adversarial Attacks Based on Reinforcement Learning
    Yong Fang, Cheng Huang*, Yijia Xu, Yang Li
    Future Internet, 2019, 11(8): 177.
    J DOI PDF

2018
  • Analysis of a large data set to identify predictors of blood transfusion in primary total hip and knee arthroplasty
    ZeYu Huang†, Cheng Huang†, JinWei Xie†, Jun Ma†, etc.
    Transfusion, 2018, 58(8): 1855-1862.
    J DOI JCR 3

  • Research on Malicious JavaScript Detection Technology Based on LSTM
    Yong Fang, Cheng Huang*, Liang Liu, Min Xue
    IEEE Access, 2018, 6: 59118-59125.
    J DOI PDF JCR 2

  • Webshell Detection Based on Random Forest-Gradient Boosting Decision Tree Algorithm
    Handong Cui, Delu Huang, Yong Fang, Liang Liu, Cheng Huang*
    2018 IEEE Third International Conference on Data Science in Cyberspace(DSC)
    Guangzhou, China, June 2018.
    C DOI PDF

  • WOVSQLI: Detection of SQL injection behaviors using word vector and LSTM
    Yong Fang, Jiayi Peng, Liang Liu, Cheng Huang*
    Proceedings of the 2nd International Conference on Cryptography, Security and Privacy(ICCSP)
    Guiyang, China, March 2018.
    C DOI PDF Best Paper Award

  • DarkHunter: A Fingerprint Recognition Model for Web Automated Scanners Based on CNN
    Yong Fang, Xiao Long, Liang Liu, Cheng Huang*
    Proceedings of the 2nd International Conference on Cryptography, Security and Privacy(ICCSP)
    Guiyang, China, March 2018.
    C DOI PDF Best Paper Award

  • Detecting Webshell Based on Random Forest with FastText
    Yong Fang, Yaoyao Qiu, Liang Liu*, Cheng Huang
    Proceedings of the 2018 International Conference on Computing and Artificial Intelligence(ICCAI)
    Chengdu, China, March 2018.
    C DOI PDF

  • DeepXSS: Cross Site Scripting Detection Based on Deep Learning
    Yong Fang, Yang Li, Liang Liu*, Cheng Huang
    Proceedings of the 2018 International Conference on Computing and Artificial Intelligence(ICCAI)
    Chengdu, China, March 2018.
    C DOI PDF

2017
  • Gossip: Automatically Identifying Malicious Domains from Mailing List Discussions
    Cheng Huang, Shuang Hao, Luca Invernizzi, JiaYong Liu, Yong Fang, Christopher Kruegel, Giovanni Vigna
    Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (ASIA CCS)
    Abu Dhabi, United Arab Emirates, April 2017.
    C DOI PDF CCF C

2016
  • A Study on Web Security Incidents in China by Analyzing Vulnerability Disclosure Platforms
    Cheng Huang, JiaYong Liu*, Yong Fang, Zheng Zuo
    Computers & Security, 2016(58): 47-62
    J DOI CCF B

发明专利/软件著作权/标准

发明专利
  • 一种基于对抗迁移学习的预训练漏洞修复方法
    黄诚; 侯靖; 韦英炜; 李乐融
    ZL202311135429.7
  • 一种基于智能对话的主动式网络信息挖掘方法
    黄诚; 罗双春; 杨振
    ZL202211294736.5
  • 一种应用程序越界收集个人信息行为的判定方法
    黄诚; 陈俊任; 王子岩
    ZL202211320374.2
  • 基于单分类和联邦学习的远程代码执行攻击检测方法
    黄诚; 赵书立; 韩家璇; 汪扬; 李希然; 黄嘉; 胡海馨
    ZL202211108049.X
  • 一种面向开源项目的安全性自动化评估方法及装置
    黄诚; 王子岩; 孙思琦; 杨振
    ZL202310039038.9
  • 一种面向CVE的漏洞可利用性预测方法
    黄诚; 李凌自; 曾雨潼
    ZL202211295039.1
  • 一种APT攻击报告事件抽取方法、系统和存储介质
    黄诚; 周辰昕
    ZL202310472042.4
  • 一种面向物联网固件漏洞挖掘与靶场搭建的方法与装置
    黄诚; 王楠楠
    ZL202210765307.5
  • 一种基于函数级代码相似性的漏洞检测方法
    黄诚; 赵倩崇; 郭勇延
    ZL202111071388.0
  • 一种TTP自动化提取与攻击团队聚类的方法
    黄诚; 吴怡欣
    ZL202010353068.3
  • 一种从非结构化数据中提取网络安全新词的方法
    黄诚; 李滢; 程嘉兴
    ZL202010353099.9
  • 一种面向文本数据的威胁情报知识图谱构建方法
    黄诚; 方勇; 姜政伟; 彭嘉毅; 杨悦
    ZL201910805363.5
  • 一种针对社交网络中漏洞利用知识库的构建方法
    黄诚; 杜予同; 梁根培
    ZL202110301718.4
  • 基于半监督密度聚类的恶意代码家族同源性分析技术
    方勇; 刘亮; 黄诚; 荣俸萍; 张与弛
    ZL201810744345.6
  • 一种基于迭代式TTL-IPID数据包分类的网络拓扑自动生成装置
    方勇; 黄诚; 刘亮; 季凡; 徐承文; 杜海章; 张钊; 何良
    ZL201310032181.1
软件著作权
  • APT威胁情报查询平台, 四川大学, SN: 2020SR1750036
  • 面向源代码社区的漏洞情报检测平台, 四川大学, SN: 2020SR1750051
  • 开源包恶意性检测系统, 四川大学, SN: 2020SR1750048
  • Docker容器安全智能检测平台, 四川大学, SN: 2020SR0003540
  • Webshell智能检测平台, 四川大学, SN: 2020SR0003539
  • 社交平台威胁情报分析系统, 四川大学, SN: 2020SR0003538
  • 数据库智能审计系统, 四川大学, SN: 2020SR0003537
中国标准
  • 信息安全技术 术语, 中国标准 , GB/T 25069-2022