I work at Research in Software and Security (RiSS) Group as a PhD candidate at Yangzhou University now, supervised by Prof. Xiaobing Sun. Our group and I are open to collaboration and communication. If you want to share awesome ideas, feel free to contact me.

My research interest includes Software Engineering (SE) and Deep Learning (DL). I have published over 10 papers at the top international SE/Security conferences (e.g., ICSE*3, S&P) and journals (e.g., TOSEM, IoTJ).

🔥 News

• [2024.03]  🎉 One paper is accepted by IEEE IoTJ!
• [2023.12]  🎉 One paper is accepted by the Technical track of ICSE 2024!
• [2023.11]  🎉 I win the National Scholarship and Principal Special Scholarship!
• [2023.09]  🎉 One paper is accepted by TOSEM!
• [2023.08]  🏆 Our paper wins the Best Paper Award at BlockSyS 2023!
• [2023.07]  🎉 I win the Chinese China Scholarship Council (CSC) funding to work as a visiting PhD of Prof. David Lo!
• [2023.03]  🎉 One paper is accepted by the Main track of IEEE S&P 2023!
• [2022.12]  🎉 One paper is accepted by the Technical track of ICSE 2023!
• [2021.12]  🎉 One paper is accepted by the Technical track of ICSE 2022!

📝 Publications

Representative papers: 5 CCF-A papers, 1 JCR-Q1 papers

Conference

• ICSE'24 Coca: Improving and Explaining Graph Neural Network-Based Vulnerability Detection Systems.
  Sicong Cao, Xiaobing Sun, Xiaoxue Wu, David Lo, Lili Bo, Bin Li, and Wei Liu.
  In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), April, 2024. (CCF-A)
  [Paper] [Slides] [Code] [Video] [DOI]
• BlockSys'23 (Best Paper Award) The Best of Both Worlds: Integrating Semantic Features with Expert Features for Smart Contract Vulnerability Detection.
  Xingwei Lin, Mingxuan Zhou, Sicong Cao, Jiashui Wang, and Xiaobing Sun.
  In Proceedings of the 5th International Conference on Blockchain and Trustworthy Systems (BlockSys), August, 2023.
  [Paper] [Slides] [DOI]
• S&P'23 ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing.
  Sicong Cao, Biao He, Xiaobing Sun, Yu Ouyang, Chao Zhang, Xiaoxue Wu, Ting Su, Lili Bo, Bin Li, Chuanlei Ma, Jiajia Li, and Tao Wei.
  In Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P), May, 2023. (CCF-A)
  [Paper] [Slides] [Code] [Video] [DOI]
• ICSE'23 Improving Java Deserialization Gadget Chain Mining via Overriding-Guided Object Generation.
  Sicong Cao, Xiaobing Sun, Xiaoxue Wu, Lili Bo, Bin Li, Rongxin Wu, Wei Liu, Biao He, Yu Ouyang, and Jiajia Li.
  In Proceedings of the 45th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2023. (CCF-A)
  [Paper] [Slides] [Code] [DOI]
• ICSE'22 MVD: Memory-Related Vulnerability Detection Based on Flow-Sensitive Graph Neural Networks.
  Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, and Chuanqi Tao.
  In Proceedings of the 44th IEEE/ACM International Conference on Software Engineering (ICSE), May, 2022. (CCF-A)
  [Paper] [Slides] [Code] [Video] [DOI]
• QRS'21 GrasP: Graph-to-Sequence Learning for Automated Program Repair.
  Ben Tang, Bin Li, Lili Bo, Xiaoxue Wu, Sicong Cao, and Xiaobing Sun.
  In Proceedings of the 21th IEEE International Conference on Software Quality, Reliability, and Security (QRS), December, 2021.
  [Paper] [DOI]

Journal

• IoTJ'24 EXVul: Towards Effective and Explainable Vulnerability Detection for IoT Devices.
  Sicong Cao, Xiaobing Sun, Wei Liu, Di Wu, Jiale Zhang, Yan Li, Tom H. Luan, and Longxiang Gao.
  In IEEE Internet of Things Journal, 2024. (IF2023: 10.6, JCR-Q1)
  [Paper] [DOI]
• TOSEM'24 Learning to Detect Memory-Related Vulnerabilities.
  Sicong Cao, Xiaobing Sun, Lili Bo, Rongxin Wu, Bin Li, Xiaoxue Wu, Chuanqi Tao, Tao Zhang, and Wei Liu.
  In ACM Transactions on Software Engineering and Methodology, 2024. (IF2023: 4.4, CCF-A)
  [Paper] [Code] [DOI]
• EMSE'22 SPVF: Security Property Assisted Vulnerability Fixing via Attention-Based Models.
  Zhou Zhou, Lili Bo, Xiaoxue Wu, Xiaobing Sun, Tao Zhang, Bin Li, Jiale Zhang, and Sicong Cao.
  In Journal of Empirical Software Engineering, 2022.
  [Paper] [DOI]
• JSEP'21 A Comprehensive Study on Security Bug Characteristics.
  Ying Wei, Xiaobing Sun, Lili Bo, Sicong Cao, Xin Xia, and Bin Li.
  In Journal of Software: Evolution and Process, 2021.
  [Paper] [DOI]
• IST'21 BGNN4VD: Constructing Bidirectional Graph Neural-Network for Vulnerability Detection.
  Sicong Cao, Xiaobing Sun, Lili Bo, Ying Wei, and Bin Li.
  In Journal of Information and Software Technology, 2021.
  [Paper] [Code] [DOI]

🎖 Honors and Awards

• 2024.02: ACM SIGSOFT CAPS Travel Funds, ICSE 2024
• 2023.11: Principal Special Scholarship (1/15)
• 2023.11: National Scholarship
• 2023.09: 1st Place (Freestyle/A) of The 8th C4-Network Technology Challenge 🏆
• 2023.08: BlockSys Best Paper Award
• 2022.11: Distinguished Doctoral Symposium, CCF ChinaSoft 2022 (1/13)
• 2020.11: Prototype Research Tool Award 2nd Place (Fixed topic) in CCF ChinaSoft 2020

📖 Educations

• 2023.10 - 2024.10, Visiting Ph.D student, Singapore Management University, Singapore.
• 2019.06 - Present, Ph.D candidate, Yangzhou University, Yangzhou.
• 2015.09 - 2019.06, Undergraduate, Nanjing Institute of Technology, Nanjing.

📚 Reviewer

• CCF-A IEEE Transactions on Software Engineering
• CCF-A ACM Transactions on Software Engineering and Methodology
• CCF-B Automated Software Engineering
• CCF-B Empirical Software Engineering

💻 Internships

• 2022.04 - 2022.06, Ant Group, Security FG Group, China.