I work at Research in Software and Security (RiSS) Group as a PhD candidate at Yangzhou University now, supervised by Prof. Xiaobing Sun and Prof. Wei Liu. From October 2023 to September 2024, I was a visiting student of Prof. David Lo at Singapore Management University. Our group and I are open to collaboration and communication. If you want to share awesome ideas, feel free to contact me.
My research interest includes Software Engineering (SE) and Deep Learning (DL). I have published over 10 papers at the top international SE/Security conferences (e.g., ICSE, ASE, S&P) and journals (e.g., TOSEM, TII).
Additional Info: [Chinese_CV] [English_CV] [DBLP]
🔥 News
- [2024.11] 🎉 I win the National Scholarship and Principal Special Scholarship again!
- [2024.11] 🎉 One paper is accepted by TOSEM!
- [2024.10] 🎉 Invited to serve as a program committee member of EuroS&P 2025!
- [2024.09] 🎉 Invited to serve as a Junior PC of MSR 2025!
- [2024.08] 🎉 Two paper are accepted by the Research track of ASE 2024!
- [2024.07] 🎉 Invited to serve as a shadow PC of ICSE 2025!
- [2024.06] 🎉 Invited to serve as a program committee member of Industry Track of ASE 2024!
- [2024.05] 🎉 One paper is accepted by IEEE TII!
- [2024.04] 🎉 Invited to serve as the registration chair of FSE 2024!
- [2024.03] 🎉 One paper is accepted by IEEE IoTJ!
📝 Selected Publications
Representative papers: 8 CCF-A papers, 2 JCR-Q1 papers
Conference
ASE'24
Snopy: Bridging Sample Denoising with Causal Graph Learning for Effective Vulnerability Detection.
Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, Xiaolei Liu, Xingwei Lin, and Wei Liu.
In Proceedings of the 39th ACM/IEEE International Conference on Automated Software Engineering (ASE), October, 2024. (CCF-A)
[Paper] [DOI]ASE'24
1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection.
Xiaobing Sun, Xingan Gao, Sicong Cao, Lili Bo, Xiaoxue Wu, and Kaifeng Huang.
In Proceedings of the 39th ACM/IEEE International Conference on Automated Software Engineering (ASE), October, 2024. (CCF-A)
[Paper] [DOI]ICSE'24
Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems.
Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, and Wei Liu.
In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), April, 2024. (CCF-A)
[Paper] [Slides] [Code] [Video] [DOI]S&P'23
ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing.
Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, and Tao Wei.
In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), May, 2023. (CCF-A)
[Paper] [Slides] [Code] [Video] [DOI]ICSE'23
Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation.
Sicong Cao, Xiaobing Sun, Xiaoxue Wu, Lili Bo, Bin Li, Rongxin Wu, Wei Liu, Biao He, Yu Ouyang, and Jiajia Li.
In Proceedings of the 45th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2023. (CCF-A)
[Paper] [Slides] [Code] [DOI]ICSE'22
MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks.
Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, and Chuanqi Tao.
In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2022. (CCF-A)
[Paper] [Slides] [Code] [Video] [DOI]
Journal
TOSEM'25
Large Language Model for Vulnerability Detection and Repair: Literature Review and the Road Ahead.
Xin Zhou, Sicong Cao, Xiaobing Sun, and David Lo.
In ACM Transactions on Software Engineering and Methodology, 2024. (IF2024: 6.6, CCF-A)
[Paper] [DOI]TII'24
Hierarchy-Aware Representation Learning for Industrial IoT Vulnerability Classification.
Sicong Cao, Xiaobing Sun, Xinye Yang, Xiaoxue Wu, Wei Liu, and Bin Li.
In IEEE Transactions on Industrial Informatics, 2024. (IF2024: 11.7, JCR-Q1)
[Paper] [DOI]IoTJ'24
EXVul: Towards Effective and Explainable Vulnerability Detection for IoT Devices.
Sicong Cao, Xiaobing Sun, Wei Liu, Di Wu, Jiale Zhang, Yan Li, Tom H. Luan, and Longxiang Gao.
In IEEE Internet of Things Journal, 2024. (IF2023: 10.6, JCR-Q1)
[Paper] [DOI]TOSEM'24
Learning to Detect Memory-Related Vulnerabilities.
Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, Xiaoxue Wu, Chuanqi Tao, Tao Zhang, and Wei Liu.
In ACM Transactions on Software Engineering and Methodology, 2024. (IF2023: 4.4, CCF-A)
[Paper] [Code] [DOI]IST'21
BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection.
Sicong Cao, Xiaobing Sun, Lili Bo, Ying Wei, and Bin Li.
In Journal of Information and Software Technology, 2021.
[Paper] [Code] [DOI]
🎖 Honors and Awards
- 2024.11: Principal Special Scholarship (1/15)
- 2024.11: National Scholarship
- 2024.09: ACM SIGSOFT CAPS Travel Funds, ASE 2024
- 2024.09: Grand Place (Freestyle/A-ST) of The 9th C4-Network Technology Challenge 🏆
- 2024.02: ACM SIGSOFT CAPS Travel Funds, ICSE 2024
- 2023.11: Principal Special Scholarship (1/15)
- 2023.11: National Scholarship
- 2023.09: 1st Place (Freestyle/A) of The 8th C4-Network Technology Challenge 🏆
- 2023.08: BlockSys Best Paper Award
- 2023.07: China Scholarship Council (CSC) Scholarship
- 2022.11: Distinguished Doctoral Symposium, CCF ChinaSoft 2022 (1/13)
- 2020.11: Prototype Research Tool Award 2nd Place (Fixed topic) in CCF ChinaSoft 2020
📖 Educations
- 2023.10 - 2024.10, Visiting Ph.D student, Singapore Management University, Singapore.
- 2019.06 - Present, Ph.D candidate, Yangzhou University, Yangzhou.
- 2015.09 - 2019.06, Undergraduate, Nanjing Institute of Technology, Nanjing.
👨💻 Services
Journal Reviewing
TSE
IEEE Transactions on Software EngineeringTOSEM
ACM Transactions on Software Engineering and MethodologyTDSC
IEEE Transactions on Dependable and Secure ComputingTIFS
IEEE Transactions on Information Forensics and SecurityASEJ
Automated Software EngineeringEMSE
Empirical Software EngineeringJSEP
Journal of Software: Evolution and ProcessCACM
Communications of the ACM
Conference Activities
- PC Member, EuroS&P 2025
- Junior PC, MSR 2025
- Shadow PC, ICSE 2025
- PC Member, ASE 2024
- Registration Chair, FSE 2024
💻 Internships
- 2022.04 - 2022.06, Ant Group, Security FG Group, China.