I work at Research in Software and Security (RiSS) Group as a PhD candidate at Yangzhou University now, supervised by Prof. Xiaobing Sun. Our group and I are open to collaboration and communication. If you want to share awesome ideas, feel free to contact me.

My research interest includes Software Engineering (SE) and Deep Learning (DL). I have published over 10 papers at the top international SE/Security conferences (e.g., ICSE, ASE, S&P) and journals (e.g., TOSEM, TII).

🔥 News

  • [2024.09]  🎉 Invited to serve as a Junior PC of MSR 2025!
  • [2024.08]  🎉 Two paper are accepted by the Research track of ASE 2024!
  • [2024.07]  🎉 Invited to serve as a shadow PC of ICSE 2025!
  • [2024.06]  🎉 Invited to serve as a program committee member of Industry Track of ASE 2024!
  • [2024.05]  🎉 One paper is accepted by IEEE TII!
  • [2024.04]  🎉 Invited to serve as the registration chair of FSE 2024!
  • [2024.03]  🎉 One paper is accepted by IEEE IoTJ!
  • [2023.12]  🎉 One paper is accepted by the Technical track of ICSE 2024!
  • [2023.11]  🎉 I win the National Scholarship and Principal Special Scholarship!
  • [2023.09]  🎉 One paper is accepted by TOSEM!
  • [2023.08]  🏆 Our paper wins the Best Paper Award at BlockSyS 2023!
  • [2023.07]  🎉 I win the Chinese China Scholarship Council (CSC) funding to work as a visiting PhD of Prof. David Lo!
  • [2023.03]  🎉 One paper is accepted by the Main track of IEEE S&P 2023!
  • [2022.12]  🎉 One paper is accepted by the Technical track of ICSE 2023!
  • [2021.12]  🎉 One paper is accepted by the Technical track of ICSE 2022!

📝 Selected Publications

Representative papers: 7 CCF-A papers, 2 JCR-Q1 papers

Conference

  • ASE'24 Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection.
    Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, Xiaolei Liu, Xingwei Lin, and Wei Liu.
    In Proceedings of the 39th ACM/IEEE International Conference on Automated Software Engineering (ASE), October, 2024. (CCF-A)
    [Paper] [DOI]
  • ASE'24 1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection.
    Xiaobing Sun, Xingan Gao, Sicong Cao, Lili Bo, Xiaoxue Wu, and Kaifeng Huang.
    In Proceedings of the 39th ACM/IEEE International Conference on Automated Software Engineering (ASE), October, 2024. (CCF-A)
    [Paper] [DOI]
  • ICSE'24 Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems.
    Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, and Wei Liu.
    In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), April, 2024. (CCF-A)
    [Paper] [Slides] [Code] [Video] [DOI]
  • S&P'23 ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing.
    Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, and Tao Wei.
    In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), May, 2023. (CCF-A)
    [Paper] [Slides] [Code] [Video] [DOI]
  • ICSE'23 Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation.
    Sicong Cao, Xiaobing Sun, Xiaoxue Wu, Lili Bo, Bin Li, Rongxin Wu, Wei Liu, Biao He, Yu Ouyang, and Jiajia Li.
    In Proceedings of the 45th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2023. (CCF-A)
    [Paper] [Slides] [Code] [DOI]
  • ICSE'22 MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks.
    Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, and Chuanqi Tao.
    In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2022. (CCF-A)
    [Paper] [Slides] [Code] [Video] [DOI]

Journal

  • TII'24 Hierarchy-Aware Representation Learning for Industrial IoT Vulnerability Classification.
    Sicong Cao, Xiaobing Sun, Xinye Yang, Xiaoxue Wu, Wei Liu, and Bin Li.
    In IEEE Transactions on Industrial Informatics, 2024. (IF2023: 12.3, JCR-Q1)
    [Paper] [DOI]
  • IoTJ'24 EXVul: Towards Effective and Explainable Vulnerability Detection for IoT Devices.
    Sicong Cao, Xiaobing Sun, Wei Liu, Di Wu, Jiale Zhang, Yan Li, Tom H. Luan, and Longxiang Gao.
    In IEEE Internet of Things Journal, 2024. (IF2023: 10.6, JCR-Q1)
    [Paper] [DOI]
  • TOSEM'24 Learning to Detect Memory-Related Vulnerabilities.
    Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, Xiaoxue Wu, Chuanqi Tao, Tao Zhang, and Wei Liu.
    In ACM Transactions on Software Engineering and Methodology, 2024. (IF2023: 4.4, CCF-A)
    [Paper] [Code] [DOI]
  • IST'21 BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection.
    Sicong Cao, Xiaobing Sun, Lili Bo, Ying Wei, and Bin Li.
    In Journal of Information and Software Technology, 2021.
    [Paper] [Code] [DOI]

🎖 Honors and Awards

  • 2024.09: ACM SIGSOFT CAPS Travel Funds, ASE 2024
  • 2024.09: Grand Place (Freestyle/A-ST) of The 9th C4-Network Technology Challenge 🏆
  • 2024.02: ACM SIGSOFT CAPS Travel Funds, ICSE 2024
  • 2023.11: Principal Special Scholarship (1/15)
  • 2023.11: National Scholarship
  • 2023.09: 1st Place (Freestyle/A) of The 8th C4-Network Technology Challenge 🏆
  • 2023.08: BlockSys Best Paper Award
  • 2022.11: Distinguished Doctoral Symposium, CCF ChinaSoft 2022 (1/13)
  • 2020.11: Prototype Research Tool Award 2nd Place (Fixed topic) in CCF ChinaSoft 2020

📖 Educations

  • 2023.10 - 2024.10, Visiting Ph.D student, Singapore Management University, Singapore.
  • 2019.06 - Present, Ph.D candidate, Yangzhou University, Yangzhou.
  • 2015.09 - 2019.06, Undergraduate, Nanjing Institute of Technology, Nanjing.

📚 Reviewer

👨‍💻 Service

  • Junior PC, MSR 2025
  • Shadow PC, ICSE 2025
  • PC Member, ASE 2024
  • Registration Chair, FSE 2024

💻 Internships