Welcome to Yuhong Nan's Homepage
I am currently an Associate Professor in the School of Software Engineering at Sun Yat-sen University (Zhongshan University). Prior to this, I was a Postdoctoral Research Associate in the Department of Computer Science at Purdue University, where I worked with Prof. Dongyan Xu. I received my Ph.D. from Fudan University in 2018, under the supervision of Prof. Min Yang. I am recognized as one of the active top authors in publishing at leading security venues [1][2].
My research interests broadly span software security and user privacy, with a primary focus on analyzing and enhancing the security and privacy of emerging platforms, including LLM Agents, Blockchain, and Mobile ecosystems. My research involves designing and developing practical systems and tools to systematically detect, mitigate, and remediate a wide spectrum of security and privacy threats.
I am always looking for self-motivated students to join my group at Sun Yat-sen University. Please refer to my publications below for more information about my ongoing research projects. If you are interested, feel free to reach out via email with your CV.
Publications
- [ICSE'26] Zhijie Zhong, Yuhong Nan, Mingxi Ye, Qing Xue, Jiashui Wang, Xinlei Ying, Long Liu, Zibin Zheng. "Is My RPC Response Reliable? Detecting RPC Bugs in Ethereum Blockchain Client under Context". In Proceedings of the 48th ACM/IEEE International Conference on Software Engineering.
- [Security'26] Jinsheng Yang, Siyang Guo, Huaqian Qin, Taiyu Wang, Junbo Wang, Yuhong Nan, Zibin Zheng, Kaiming Zhu. "Cracking Federated Privacy: Initialization-Resilient Gradient Inversion with Fine-Grained Reconstruction". In USENIX Security Symposium 2026.
- [Security'25] Xin Zhang, Xiaohan Zhang, Bo Zhao, Yuhong Nan, Zhichen Liu, Jianzhou Chen, Huijun Zhou, Min Yang. "Demystifying the (In)Security of QR Code-based Login in Real-world Deployments". USENIX Security Symposium 2025: 3161-3180.
- [ICSE'25] Jingwen Zhang, Zibin Zheng, Yuhong Nan, Mingxi Ye, Kaiwen Ning, Yu Zhang, Weizhe Zhang. "Smartreco: Detecting Read-Only Reentrancy via Fine-Grained Cross-DApp Analysis". In Proceedings of the 47th ACM/IEEE International Conference on Software Engineering. ICSE 2025: 2138-2150.
- [TOSEM'25] Sicheng Hao, Yuhong Nan, Zeqin Liao, Juan Zhai, Zibin Zheng. "Detecting and Analyzing Fine-grained Third-party Library Dependencies in Solidity Smart Contracts". ACM Transactions on Software Engineering and Methodology (2025).
- [TSE'25] Wei Li, Yuhong Nan, Mingxi Ye, Jingwen Zhang, Peilin Zheng, Zibin Zheng. "ASTRO: Detecting Access Control Vulnerabilities in Smart Contracts via Graph Similarity Comparison". IEEE Trans. Software Eng. 51(12): 3267-3283 (2025).
- [TSE'25] Zeqin Liao, Yuhong Nan, Zixu Gao, Henglong Liang, Sicheng Hao, Jiajing Wu, Zibin Zheng. "Satellite: Detecting and Analyzing Smart Contract Vulnerabilities Caused by Subcontract Misuse". IEEE Trans. Software Eng. 51(12): 3360-3375 (2025).
- [TSE'25] Zeqin Liao, Yuhong Nan, Zixu Gao, Henglong Liang, Sicheng Hao, Peifan Reng, Zibin Zheng. "Augmenting Smart Contract Decompiler Output Through Fine-Grained Dependency Analysis and LLM-Facilitated Semantic Recovery". IEEE Trans. Software Eng. 51(12): 3574-3590 (2025).
- [ASE'25] Jingwen Zhang, Yuhong Nan, Wei Li, Kaiwen Ning, Zewei Lin, Zitong Yao, Yuming Feng, Weizhe Zhang, Zibin Zheng. "Finding Insecure State Dependency in DApps via Multi-Source Tracing and Semantic Enrichment". In Proceedings of the 40th IEEE/ACM International Conference on Automated Software Engineering. ASE 2025: 1529-1540.
- [CCS’24] Shuai Li, Zhemin Yang, Yuhong Nan, Shutian Yu, Qirui Zhu, Min Yang. “Are We Getting Well-informed? An In-depth Study of Runtime Privacy Notice Practice in Mobile Apps”. In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS’24). [Top] [CCF A].
- [CCS’24] Mingming Zha, Zilong Lin, Siyuan Tang, Xiaojing Liao, Yuhong Nan, XiaoFeng Wang. “Understanding Cross-Platform Referral Traffic for Illicit Drug Promotion”. In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS’24). [Top] [CCF A].
- [IOTJ’24] Peifu Yang, Yuhong Nan, Lei Xue, Yuliang Zhang, Juan Zhai, Zibin Zheng. “Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps”. In IEEE Internet Things Journal, 11(20): 33683-33695 (2024).
- [FSE’24] Zeqin Liao, Yuhong Nan, Henglong Liang, Sicheng Hao, Juan Zhai, Jiajing Wu, Zibin Zheng. “SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis”. In Proceedings of the ACM on Software Engineering, Volume 1, Issue FSE (FSE’24). [Top] [CCF A].
- [ISSTA’24] Mingxi Ye, Xingwei Lin, Yuhong Nan, Jiajing Wu, Zibin Zheng. “Midas: Mining Profitable Exploits in On-Chain Smart Contracts via Feedback-Driven Fuzzing and Differential Analysis”. In Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’24). [Top] [CCF A].
- [Security'24] Yifan Zhang, Zhaojie Hu, Xueqiang Wang, Yuhui Hong, Yuhong Nan, XiaoFeng Wang, Jiatao Cheng, Luyi Xing. "Navigating the Privacy Compliance Maze: Understanding Risks with Privacy-Configurable Mobile SDKs." In Proceedings of the 33rd USENIX Security Symposium (USENIX Security'24). [Top] [CCF-A].
- [NDSS'24] Jiangrong Wu, Yuhong Nan, Luyi Xing, Jiatao Cheng, Zimin Lin, Zibin Zheng, Min Yang. "Leaking the Privacy of Groups and More: Understanding Privacy Risks of Cross-App Content Sharing in Mobile Ecosystem." In proceedings of the 31st Network and Distributed System Security Symposium. [Top] [CCF-A].
- [Security'24] Zian Jia, Yun Xiong, Yuhong Nan, Yao Zhang, Jinjing Zhao, Mi Wen. "MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning." In Proceedings of the 33rd USENIX Security Symposium (USENIX Security'24). [Top] [CCF-A].
- [ICSE'24] Zhijie Zhong, Hong-Ning Dai, Zibin Zheng, Qing Xue, Junjia Chen, Yuhong Nan. "PrettySmart: Detecting Permission Re-delegation Vulnerability for Token Behaviors in Smart Contracts." In Proceedings of the 46th ACM/IEEE International Conference on Software Engineering. [Top] [CCF-A].
- [ASE'23] Sicheng Hao, Yuhong Nan, Zibin Zheng, Xiaohui Liu. "SmartCoco: Checking Comment-code Inconsistency in Smart Contracts via Constraint Propagation and Binding." In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering. [Top] [CCF-A].
- [Security'23] Hailun Ding, Juan Zhai, Yuhong Nan and Shiqing Ma. "AIRTAG: Towards Automated Attack Investigation by Unsupervised Learning with Log Texts." In Proceedings of the 32nd USENIX Security Symposium (USENIX Security'23). [Top] [CCF-A].
- [Security'23] Yuhong Nan*, Xueqiang Wang*, Luyi Xing, Xiaojing Liao, Ruoyu Wu, Jianliang Wu, Yifan Zhang, and XiaoFeng Wang. "Are You Spying on Me? Large-Scale Analysis on IoT Data Exposure through Companion Apps". In Proceedings of the 32nd USENIX Security Symposium. [Top] [CCF-A].
- [DSN'23] Zhaoxin Cai, Yuhong Nan, Xueqiang Wang, Mengyi Long, Qihua Ou, Zibin Zheng, and Min Yang. "DARPA: Combating Asymmetric Dark UI Patterns on Android with Run-time View Decorator." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023. [CCF-B].
- [ISSTA'23] Zeqin Liao, Sicheng Hao, Yuhong Nan, and Zibin Zheng. "SmartState: Detecting State-reverting Vulnerabilities in Smart Contracts via Fine-grained State-dependency Analysis." In proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23). [Top] [CCF-A].
- [ISSTA'23] Mingxi Ye, Yuhong Nan, Zibin Zheng, Dongpeng Wu and Huizhong Li. "Detecting State Inconsistency Bugs in DApps via On-Chain Transaction Replay and Fuzzing". In proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23). [Top] [CCF-A].
- [ISSTA'22] Zeqin Liao, Zibin Zheng, Xiao Chen and Yuhong Nan. "SmartDagger: A Bytecode-based Static Analysis Approach for Detecting Cross-contract Vulnerability." In proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'22). [Top] [CCF-A].
- [Security'22] Fei Wang, Jianliang Wu, Yuhong Nan, Yousra Aafer, Xiangyu Zhang, Dongyan Xu, and Mathias Payer. "ProFactory: Improving IoT Security via Formalized Protocol Customization." In proceedings of the 31st USENIX Security Symposium (USENIX Security'22). [Top] [CCF-A].
- [NDSS'22] Mingming Zha, Jice Wang, Yuhong Nan, XiaoFeng Wang, Yuqing Zhang, and Weidong Jing. "Hazard Integrated: Understanding Security Risks in App Extensions to Team Chat Systems." In proceedings of the 29th Network and Distributed System Security Symposium (NDSS'22). [Top] [CCF-A].
- [DSN'22] Ziyi Zhou, Xing Han, Zeyuan Chen, Yuhong Nan, Juanru Li, Dawu Gu, "SIMulation: Demystifying (Insecure) Cellular Network-based One-Tap Authentication Services." IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2022. [CCF-B].
- [NDSS'21] Zeyu Lei, Yuhong Nan, Yanick Fratantonio and Antonio Bianchi. "On the Insecurity of SMS One-Time Password Messages against Local Attackers in Modern Mobile Devices." In proceedings of the 28th Network and Distributed System Security Symposium. [Top] [CCF-A].
- [Security'21] Jice Wang, Yue Xiao, Xueqiang Wang, Yuhong Nan, Luyi Xing, Xiaojing Liao, Jinwei Dong, Nicolas Serrano, Haoran Lu, Xiaofeng Wang, and Yuqing Zhang. "Understanding Malicious Cross-library Data Harvesting on Android." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A].
- [Security'21] Abdulellah Alsaheel*, Yuhong Nan*, Shiqing Ma, Le Yu, Gregory Walkup, Berkay Celik, Xiangyu Zhang and Dongyan Xu. "ATLAS: A Sequence-based Learning Approach for Attack Investigation." In proceedings of the 30th USENIX Security Symposium. [Top] [CCF-A].
- [RAID'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Mathias Payer, and Dongyan Xu. "BlueShield: Detecting Spoofing Attacks in Bluetooth Low Energy (BLE) Networks." In proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses. [CCF-B].
- [WOOT'20] Jianliang Wu, Yuhong Nan, Vireshwar Kumar, Dave (Jing) Tian, Antonio Bianchi, Mathias Payer, and Dongyan Xu. "BLESA: Spoofing Attacks against Reconnections in Bluetooth Low Energy." In proceedings of the 14th USENIX Workshop on Offensive Technologies.
- [CCS'18] Geng Hong, Zhemin Yang, Sen Yang, Lei Zhang, Yuhong Nan, Zhibo Zhang, Min Yang, Yuan Zhang, Zhiyun Qian, Haixin Duan. "How You Get Shot in the Back: A Systematical Study about Cryptojacking in the Real World." In proceedings of the 25th ACM Conference on Computer and Communications Security (CCS'18). [Top] [CCF-A].
- [NDSS'18] Yuhong Nan, Zhemin Yang, Xiaofeng Wang, Yuan Zhang, Donglai Zhu and Min Yang. "Finding Clues For Your Secrets: Semantics Driven, Learning Based Privacy Discovery in Mobile Apps." In proceedings of the 25th Network and Distributed System Security Symposium. [Top] [CCF-A].
- [TIFS'17] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "Identifying User-Input Privacy in Mobile Applications at a Large Scale." IEEE Transactions on Information Forensics and Security 12, no. 3 (2017): 647-661. [Top] [CCF-A].
- [Security'15] Yuhong Nan, Zhemin Yang, Min Yang, Shunfan Zhou, Yuan Zhang, Guofei Gu, Xiaofeng Wang, and Limin Sun. "UIPicker: User-Input Privacy Identification in Mobile Applications." In proceedings of the 24th USENIX Security Symposium. [Top] [CCF-A].
Students
PhDs (co-advised with Prof. Zibin Zheng)
- 2025 Yuming Xiao
- 2023 Jiangrong Wu, Jingwen Zhang, Bowei Su
- 2022 Mingxi Ye, Sicheng Hao, Wei Li, Zhijie Zhong
- 2021 Zeqin Liao (PostDoc@NTU)
Master Students
- 2025 Zitong Yao, Yixi Lin
- 2024 Mengyi Long, Yiming Zhang
- 2023 Xun Zhu, Zhefan Chen, Shaojiang Wang
- 2022 Jiatao Chen (PhD@HKU), Jiayin Huang, Dongpeng Wu (WizardQuant)
- 2021 Zhaoxin Cai (Tencent), Peifu Yang (Tencent)
Academic Services
- The 2nd ACM Workshop on Explainable and Reliable Software Systems (EXPRESS 2026, co-located with SPLASH/ISSTA 2026), Organizing Committee Member
- The USENIX Security Symposium 2026, PC Member
- The ACM Conference on Computer and Communications Security (CCS) 2024, 2025, 2026, PC Member
- The IEEE/ACM International Conference on Automated Software Engineering (ASE) 2024, PC Member
- ACM Asia Conference on Computer and Communications Security (ASIACCS) 2021, 2022, PC Member
- International Conference on Information and Communications Security (ICICS) 2021, 2022, PC Member
- IEEE Transactions on Dependable and Secure Computing (TDSC), Reviewer
- IEEE Transactions on Information Forensics and Security (TIFS), Reviewer
- IEEE Transactions on Software Engineering (TSE), Reviewer
- IEEE Transactions on Mobile Computing (TMC), Reviewer
- ACM Transactions on Software Engineering and Methodology (TOSEM), Reviewer
- ACM Computing Surveys (CSUR), Reviewer
- ACM Transactions on Architecture and Code Optimization (TACO), Reviewer
- ACM Transactions on Privacy and Security (TOPS), Reviewer
