Publications
-
Adversarial Déjà Vu: Jailbreak Dictionary Learning for Stronger Generalization to Unseen Attacks
Mahavir Dabas, Tran Huynh, Nikhil Reddy Billa, Jiachen T. Wang, Peng Gao, Charith Peris, Yao Ma, Rahul Gupta, Ming Jin, Prateek Mittal, Ruoxi Jia
arXiv: 2510.21910
October 2025
[paper]
[website]
-
CTIArena: Benchmarking LLM Knowledge and Reasoning Across Heterogeneous Cyber Threat Intelligence
Yutong Cheng, Yang Liu, Changze Li, Dawn Song, Peng Gao
arXiv: 2510.11974
October 2025
[paper]
[code and data]
• We introduce the first comprehensive benchmark for evaluating LLMs on heterogeneous, multi-source CTI reasoning under various closed-book and knowledge-augmented settings, revealing the importance of domain-specific retrieval for robust CTI understanding.
-
ReciNet: Reciprocal Space-Aware Long-Range Modeling for Crystalline Property Prediction
Jianan Nie, Peiyao Xiao, Kaiyi Ji, Peng Gao
arXiv: 2502.02748
September 2025
[paper]
-
HuggingGraph: Understanding the Supply Chain of LLM Ecosystem
Mohammad Shahedur Rahman, Peng Gao, Yuede Ji
ACM International Conference on Information and Knowledge Management (CIKM), Applied Research Track
November 2025
[paper]
[data]
[demo website]
-
Enabling Efficient Attack Investigation via Human-in-the-Loop Security Analysis
Saimon Amanuel Tsegai, Xinyu Yang, Haoyuan Liu, Peng Gao
International Conference on Very Large Data Bases (VLDB)
September 2025
[paper]
[code and demo video]
• We demonstrate how human expertise can be seamlessly integrated into the investigation of complex, multi-step attacks, highlighting the critical role of human oversight in strengthening modern cyber defenses.
-
CTINexus: Automatic Cyber Threat Intelligence Knowledge Graph Construction Using Large Language Models
Yutong Cheng, Osama Bajaber, Saimon Amanuel Tsegai, Dawn Song, Peng Gao
IEEE European Symposium on Security and Privacy (EuroS&P)
June 2025
[paper]
[code and data]
• We leverage LLM in-context learning to extract high-quality cybersecurity knowledge graphs from cyber threat intelligence reports. We envision this tool significantly easing analysts’ workload and helping organizations build future contextual, intelligence-driven defenses.
• Adopted by Palo Alto Networks and ThreatConnect for automated threat intelligence analysis
-
ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management
Peng Gao*, Xiaoyuan Liu* (* co-first authors), Edward Choi, Sibo Ma, Xinyu Yang, Dawn Song
ACM Workshop on Large AI Systems and Models with Privacy and Safety Analysis (LAMPS), co-located with CCS
October 2024
[paper]
• Influenced security products at Microsoft 365 Security and Zscaler
-
vFix: Facilitating Software Maintenance of Smart Contracts via Automatically Fixing Vulnerabilities
Pengcheng Fang, Peng Gao, Yun Peng, Qingzhao Zhang, Tao Xie, Dawn Song, Prateek Mittal, Sanjeev Kulkarni, Zhuotao Liu, Xusheng Xiao
International Conference on Software Maintenance and Evolution (ICSME)
October 2024
[paper]
[code]
-
P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF
Osama Bajaber, Bo Ji, Peng Gao
IEEE Symposium on Security and Privacy (S&P / Oakland)
May 2024
[paper]
[code]
[talk]
• We demonstrate the use of programmable data planes to enforce information flow control policies at the network level, to prevent cross-host attacks (e.g., APTs) in real time at line rate.
• Translated into a U.S. patent filing
-
An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape
Sifat Muhammad Abdullah, Aravind Cheruvu, Shravya Kanchi, Taejoong Chung, Peng Gao, Murtuza Jadliwala, Bimal Viswanath
IEEE Symposium on Security and Privacy (S&P / Oakland)
May 2024
[paper]
[code and data]
[talk]
• We show that the emergence of user-customized generative models and vision foundation models presents new security challenges and opportunities in detecting deepfake media.
-
PrivMon: A Stream-Based System for Real-Time Privacy Attack Detection for Machine Learning Models
Myeongseob Ko*, Xinyu Yang* (* co-first authors), Zhengjie Ji, Hoang Anh Just, Peng Gao, Anoop Kumar, Ruoxi Jia
International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
October 2023
[paper]
[code]
• Proposal was a 2021 Meta Research Award Finalist
-
PrivGuard: Privacy Regulation Compliance Made Easier
Lun Wang, Usmann Khan, Joseph P. Near, Qi Pang, Jithendaraa Subramanian, Neel Somani, Peng Gao, Andrew Low, Dawn Song
USENIX Security Symposium (USENIX Security)
August 2022
[paper]
[code]
• Deployed in privacy products at Oasis Labs
-
Back-Propagating System Dependency Impact for Attack Investigation
Pengcheng Fang*, Peng Gao* (* co-first authors), Changlin Liu, Erman Ayday, Kangkook Jee, Ting Wang, Yanfang (Fanny) Ye, Zhuotao Liu, Xusheng Xiao
USENIX Security Symposium (USENIX Security)
August 2022
[paper]
[code]
-
Make Web3.0 Connected
Zhuotao Liu, Yangxi Xiang, Jian Shi, Peng Gao, Haoyu Wang, Xusheng Xiao, Bihan Wen, Qi Li, Yih-Chun Hu
IEEE Transactions on Dependable and Secure Computing (TDSC)
2021
[paper]
-
A System for Automated Open-Source Threat Intelligence Gathering and Management
Peng Gao*, Xiaoyuan Liu* (* co-first authors), Edward Choi, Bhavna Soman, Chinmaya Mishra, Kate Farris, Dawn Song
ACM SIGMOD International Conference on Management of Data (SIGMOD Demo), Demonstrations Track
June 2021
[paper]
[demo video]
[data]
• Proposal received the 2020 Microsoft Security AI Research Award
• Featured in Microsoft Security Response Center newsletter
-
CHAMP: Characterizing Undesired App Behaviors from User Comments based on Market Policies
Yangyu Hu, Haoyu Wang, Tiantong Ji, Xusheng Xiao, Xiapu Luo, Peng Gao, Yao Guo
IEEE/ACM International Conference on Software Engineering (ICSE)
May 2021
[paper]
[code]
-
Enabling Efficient Cyber Threat Hunting With Cyber Threat Intelligence
Peng Gao, Fei Shao, Xiaoyuan Liu, Xusheng Xiao, Zheng Qin, Fengyuan Xu, Prateek Mittal, Sanjeev R. Kulkarni, Dawn Song
IEEE International Conference on Data Engineering (ICDE)
April 2021
[paper]
[demo video]
[code]
• Proposal received the 2020 Amazon Research Award
-
DeepIntent: Deep Icon-Behavior Learning for Detecting Intention-Behavior Discrepancy in Mobile Apps
Shengqu Xi, Shao Yang, Xusheng Xiao, Yuan Yao, Yayuan Xiong, Fengyuan Xu, Haoyu Wang, Peng Gao, Zhuotao Liu, Feng Xu, Jian Lu
ACM Conference on Computer and Communications Security (CCS)
November 2019
[paper]
[code]
-
HyperService: Interoperability and Programmability Across Heterogeneous Blockchains
Zhuotao Liu, Yangxi Xiang, Jian Shi, Peng Gao, Haoyu Wang, Xusheng Xiao, Bihan Wen, Yih-Chun Hu
ACM Conference on Computer and Communications Security (CCS)
November 2019
[paper]
[long technical report]
[code]
[website]
-
Data Capsule: A New Paradigm for Automatic Compliance with Data Privacy Regulations
Lun Wang, Joseph P. Near, Neel Somani, Peng Gao, Andrew Low, David Dao, Dawn Song
VLDB Workshop on Polystore Systems for Heterogeneous Data in Multiple Databases with Privacy and Security Assurances (POLY), co-located with VLDB
August 2019
[paper]
-
IconIntent: Automatic Identification of Sensitive UI Widgets based on Icon Classification for Android Apps
Xusheng Xiao, Xiaoyin Wang, Zhihao Cao, Hanlin Wang, Peng Gao
IEEE/ACM International Conference on Software Engineering (ICSE)
May 2019
[paper]
-
SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection
Peng Gao, Xusheng Xiao, Ding Li, Zhichun Li, Kangkook Jee, Zhenyu Wu, Chung Hwan Kim, Sanjeev R. Kulkarni, Prateek Mittal
USENIX Security Symposium (USENIX Security)
August 2018
[paper]
[demo video]
• 2018 CSAW Best Applied Security Paper Award Finalist
• Translated into a U.S. patent
• Integrated into NEC's Automated Security Intelligence product, which won the 2016 CEATEC Innovation Award
-
AIQL: Enabling Efficient Attack Investigation from System Monitoring Data
Peng Gao, Xusheng Xiao, Zhichun Li, Kangkook Jee, Fengyuan Xu, Sanjeev R. Kulkarni, Prateek Mittal
USENIX Annual Technical Conference (ATC)
July 2018
[paper]
[demo video]
• Translated into a U.S. patent
• Integrated into NEC's Automated Security Intelligence product, which won the 2016 CEATEC Innovation Award
-
Exploiting Temporal Dynamics in Sybil Defenses
Changchang Liu*, Peng Gao* (* co-first authors), Matthew Wright, Prateek Mittal
ACM Conference on Computer and Communications Security (CCS)
October 2015
[paper]