Publications

$^\dagger$ indicates corresponding authors, i.e., first-author publications of students I mentored.

2025

• [NDSS] BitShield: Defending Against Bit-Flip Attacks on DNN Executables.
  Yanzuo Chen, Yuanyuan Yuan$^\dagger$, Zhibo Liu, Sihang Hu, Tianxiang Li, and Shuai Wang$^\dagger$.
  In 32nd Network and Distributed System Security Symposium, 2025.
  $^\dagger$ Corresponding authors.
  [preprint], [code]

• [IEEE S&P] CipherSteal: Stealing Input Data from TEE-Shielded Neural Networks with Ciphertext Side Channels.
  Yuanyuan Yuan, Zhibo Liu, Sen Deng, Yanzuo Chen, Shuai Wang, Yinqian Zhang, and Zhendong Su.
  In 46th IEEE Symposium on Security and Privacy, 2025.
  🏆 Distinguished Paper Award
  [preprint]

• [NDSS] Compiled Models, Built-In Exploits: Uncovering Pervasive Bit-Flip Attack Surfaces in DNN Executables.
  Yanzuo Chen, Zhibo Liu, Yuanyuan Yuan$^\dagger$, Sihang Hu, Tianxiang Li, and Shuai Wang$^\dagger$.
  In 32nd Network and Distributed System Security Symposium, 2025.
  $^\dagger$ Corresponding authors.
  🏅 Presented at Black Hat Europe.
  [preprint], [code]

2024

• [Black Hat EU] The Devil is in the (Micro-) Architectures: Uncovering New Side-Channel and Bit-Flip Attack Surfaces in DNN Executables.
  Yanzuo Chen, Zhibo Liu, Yuanyuan Yuan, Sihang Hu, Tianxiang Li, and Shuai Wang.
  In 24th Black Hat Europe, 2024.
  [white paper], [slides]

• [CCS] DeepCache: Revisiting Cache Side-Channel Attacks in Deep Neural Networks Executables.
  Zhibo Liu, Yuanyuan Yuan, Yanzuo Chen, Sihang Hu, Tianxiang Li, and Shuai Wang.
  In 31st ACM Conference on Computer and Communications Security, 2024.
  🏅 Presented at Black Hat Europe.
  [code]

• [CCS] HyperTheft: Thieving Model Weights from TEE-Shielded Neural Networks via Ciphertext Side Channels.
  Yuanyuan Yuan, Zhibo Liu, Sen Deng, Yanzuo Chen, Shuai Wang, Yinqian Zhang, and Zhendong Su.
  In 31st ACM Conference on Computer and Communications Security, 2024.
  [extended version]

• [ISSTA] See the Forest, not Trees: Unveiling and Escaping the Pitfalls of Error-Triggering Inputs in Neural Network Testing.
  Yuanyuan Yuan, Shuai Wang, and Zhendong Su.
  In 33rd International Symposium on Software Testing and Analysis, 2024.

• [TSE] Provably Valid and Diverse Mutations of Real-World Media Data for DNN Testing.
  Yuanyuan Yuan, Qi Pang, and Shuai Wang.
  In IEEE Transactions on Software Engineering, 2024.
  [preprint]

• [IEEE S&P] No Privacy Left Outside: On the (In-)Security of TEE-Shielded DNN Partition Defenses.
  Ziqi Zhang, Chen Gong, Yifeng Cai, Yuanyuan Yuan, Bingyan Liu, Ding Li, Yao Guo, and Xiangqun Chen.
  In 45th IEEE Symposium on Security and Privacy, 2024.
  [code]

• [NDSS] MPCDiff: Testing and Repairing MPC-Hardened Deep Learning Models.
  Qi Pang, Yuanyuan Yuan, and Shuai Wang.
  In 31st Network and Distributed System Security Symposium, 2024.
  [code]

2023

• [NeurIPS] Explain Any Concept: Segment Anything Meets Concept-Based Explanation.
  Ao Sun, Pingchuan Ma, Yuanyuan Yuan, and Shuai Wang.
  In 37th Conference on Neural Information Processing Systems, 2023.
  [code]

• [Black Hat USA] BTD: Unleashing the Power of Decompilation for x86 Deep Neural Network Executables.
  Zhibo Liu, Yuanyuan Yuan, Xiaofei Xie, Tianxiang Li, Wenqiang Li, and Shuai Wang.
  In 26th Black Hat USA, 2023.
  [white paper], [slides]

• [IEEE S&P] ADI: Adversarial Dominating Inputs in Vertical Federated Learning Systems.
  Qi Pang, Yuanyuan Yuan, Shuai Wang, and Wenting Zheng.
  In 44th IEEE Symposium on Security and Privacy, 2023.
  [extended version]

• [NDSS] OBSan: An Out-Of-Bound Sanitizer to Harden DNN Executables.
  Yanzuo Chen, Yuanyuan Yuan$^\dagger$, and Shuai Wang$^\dagger$.
  In 30th Network and Distributed System Security Symposium, 2023.
  $^\dagger$ Corresponding authors.
  [project page], [code]

• [USENIX Security] Precise and Generalized Robustness Certification for Neural Networks.
  Yuanyuan Yuan, Shuai Wang, and Zhendong Su.
  In 32nd USENIX Security Symposium, 2023.
  [extended version], [code]

• [USENIX Security] CacheQL: Quantifying and Localizing Cache Side-Channel Vulnerabilities in Production Software.
  Yuanyuan Yuan, Zhibo Liu, and Shuai Wang.
  In 32nd USENIX Security Symposium, 2023.
  [extended version], [findings], [code]

• [USENIX Security] Decompiling x86 Deep Neural Network Executables.
  Zhibo Liu, Yuanyuan Yuan, Shuai Wang, Xiaofei Xie, and Lei Ma.
  In 32nd USENIX Security Symposium, 2023.
  🏅 Artifact Evaluation Badges: Available; Functional; Reproduced.
  🏅 Presented at Black Hat USA.
  [extended version], [code]

• [ICSE] CC: Causality-Aware Coverage Criterion for Deep Neural Networks.
  Zhenlan Ji, Pingchuan Ma$^\dagger$, Yuanyuan Yuan$^\dagger$, and Shuai Wang.
  In 45th IEEE/ACM International Conference on Software Engineering, 2023.
  $^\dagger$ Corresponding authors.
  [code]

• [ICSE] Revisiting Neuron Coverage for DNN Testing: A Layer-Wise and Distribution-Aware Criterion.
  Yuanyuan Yuan, Qi Pang, and Shuai Wang.
  In 45th IEEE/ACM International Conference on Software Engineering, 2023.
  [extended version], [code]

2022

• [ASE] Unveiling Hidden DNN Defects with Decision-Based Metamorphic Testing.
  Yuanyuan Yuan, Qi Pang, and Shuai Wang.
  In 37th IEEE/ACM International Conference on Automated Software Engineering, 2022.
  [extended version], [code]

• [ISSTA] MDPFuzz: Testing Models Solving Markov Decision Processes.
  Qi Pang, Yuanyuan Yuan, and Shuai Wang.
  In 31st International Symposium on Software Testing and Analysis, 2022.
  [code]

• [TIFS] NeuralD: Detecting Indistinguishability Violations of Oblivious RAM with Neural Distinguishers.
  Pingchuan Ma, Zhibo Liu, Yuanyuan Yuan, and Shuai Wang.
  In IEEE Transactions on Information Forensics and Security, 2022.
  [code]

• [TSE] Enhancing DNN-Based Binary Code Function Search With Low-Cost Equivalence Checking.
  Huaijin Wang, Pingchuan Ma, Yuanyuan Yuan, Zhibo Liu, Shuai Wang, Qiyi Tang, Sen Nie, and Shi Wu.
  In IEEE Transactions on Software Engineering, 2022.
  [code]

• [SIGMETRICS] Metamorphic Testing of Deep Learning Compilers.
  Dongwei Xiao, Zhibo Liu, Yuanyuan Yuan, Qi Pang, and Shuai Wang.
  In ACM Sigmetrics/Performance, 2022.
  [code]

• [USENIX Security] Automated Side Channel Analysis of Media Software with Manifold Learning.
  Yuanyuan Yuan, Qi Pang, and Shuai Wang.
  In 31st USENIX Security Symposium, 2022.
  🏅 Artifact Evaluation Badges: Available; Functional; Reproduced.
  [extended version], [code]

• [IEEE S&P] SoK: Demystifying Binary Lifters Through the Lens of Downstream Applications.
  Zhibo Liu, Yuanyuan Yuan, Shuai Wang, and Yuyan Bao.
  In 43rd IEEE Symposium on Security and Privacy, 2022.
  [code]

2021

• [CVPR] Perception Matters: Detecting Perception Failures of VQA Models Using Metamorphic Testing.
  Yuanyuan Yuan, Shuai Wang, Mingyue Jiang, and Tsong Yueh Chen.
  In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, 2021.
  [code]

• [ICLR] Private Image Reconstruction from System Side Channels Using Generative Models.
  Yuanyuan Yuan, Shuai Wang, and Junping Zhang.
  In International Conference on Learning Representations, 2021.
  [code]