Binbin Zhao

Binbin Zhao

ZJU 100 Young Professor

Zhejiang University

About Me

Hi there. I am a ZJU 100 Young Professor at Zhejiang University. Prior to that, I was a research faculty with the School of Electrical and Computer Engineering at Georgia Institute of Technology. I earned my Ph.D. in Electrical and Computer Engineering from Georgia Institute of Technology, where I was advised by Prof. Raheem Beyah.

Recent News

  • [01/23/2025] Our paper was accepted by USENIX Security 2025!
  • [09/10/2024] Our paper was accepted by IEEE S&P 2025!
  • [08/07/2023] Our paper was accepted by NDSS 2024!
  • [07/10/2023] Our paper was accepted by IEEE S&P 2024!
Interests
  • System Security
  • AI Security
Education

  • Ph.D. in Electrical and Computer Engineering, 2023

    Georgia Institute of Technology

  • M.S. in Electrical and Computer Engineering, 2022

    Georgia Institute of Technology

  • B.Eng. in Computer Science, 2018

    Zhejiang University

Publications

Lingming Zhang, Binbin Zhao, Jiacheng Xu, Peiyu Liu, Qinge Xie, Yuan Tian, Jianhai Chen, Shouling Ji (2025). Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation. USENIX Security 2025, CCF-A.

Boyu Chang, Binbin Zhao, Qiao Zhang, Peiyu Liu, Yuan Tian, Raheem Beyah, Shouling Ji (2024). FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization. IEEE S&P 2025, CCF-A.

Jiacheng Xu, Xuhong Zhang, Shouling Ji, Yuan Tian, Binbin Zhao, Qinying Wang, Peng Cheng, Jiming Chen (2023). MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency. NDSS 2024, CCF-A.

PDF

Qinying Wang, Boyu Chang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Gaoning Pan, Chenyang Lyu, Wenhai Wang, Raheem Beyah (2023). SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices. IEEE S&P 2024, CCF-A.

PDF Code

Binbin Zhao, Shouling Ji, Jiacheng Xu, Yuan Tian, Qiuyang Wei, Qinying Wang, Chenyang Lyu, Xuhong Zhang, Changting Lin, Jingzheng Wu, Raheem Beyah (2022). One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware. IEEE Transactions on Dependable and Secure Computing (TDSC), CCF-A.

PDF Dataset Slides

Binbin Zhao, Shouling Ji, Xuhong Zhang, Yuan Tian, Qinying Wang, Yuwen Pu, Chenyang Lyu, Raheem Beyah (2022). UVSCAN: Detecting Third-Party Component Usage Violations in IoT Firmware. USENIX Security 2023, CCF-A.

PDF

Chenyang Lyu, Jiacheng Xu, Shouling Ji, Xuhong Zhang, Qinying Wang, Binbin Zhao, Gaoning Pan, Wei Cao, Peng Chen, Raheem Beyah (2022). MINER: A Hybrid Data-Driven Approach for REST API Fuzzing. USENIX Security 2023, CCF-A.

PDF Code

Binbin Zhao, Shouling Ji, Jiacheng Xu, Yuan Tian, Qiuyang Wei, Qinying Wang, Chenyang Lyu, Xuhong Zhang, Changting Lin, Jingzheng Wu, Raheem Beyah (2022). A Large-Scale Empirical Analysis of the Vulnerabilities Introduced by Third-Party Components in IoT Firmware. ISSTA 2022, CCF-A.

PDF Dataset Slides

Chenyang Lyu, Hong Liang, Shouling Ji, Xuhong Zhang, Binbin Zhao, Meng Han, Yun Li, Zhe Wang, Wenhai Wang, Raheem Beyah (2022). SLIME: Program-sensitive Energy Allocation for Fuzzing. ISSTA 2022, CCF-A.

PDF Code

Chenyang Lyu, Shouling Ji, Xuhong Zhang, Hong Liang, Binbin Zhao, Kangjie Lu, Raheem Beyah (2021). EMS: History-Driven Mutation for Coverage-based Fuzzing. NDSS 2022, CCF-A.

PDF Cite Code

Qinying Wang, Shouling Ji, Yuan Tian, Xuhong Zhang, Binbin Zhao, Yuhong Kan, Zhaowei Lin, Changting Lin, Shuiguang Deng, Alex X. Liu, Raheem Beyah (2021). MPInspector: A Systematic and Automatic Approach for Evaluating the Security of IoT Messaging Protocols. USENIX Security 2021, CCF-A.

PDF Cite Code

Binbin Zhao, Shouling Ji, Wei-Han Lee, Changting Lin, Haiqing Weng, Jingzheng Wu, Pan Zhou, Liming Fang, Raheem Beyah (2020). A Large-scale Empirical Study on the Vulnerability of Deployed IoT Devices. IEEE Transactions on Dependable and Secure Computing (TDSC), CCF-A.

PDF Cite

Haiqin Weng, Binbin Zhao, Shouling Ji, Jianhai Chen, Ting Wang, Qinming He, Raheem Beyah (2019). Towards Understanding the Security of Modern Image Captchas and Underground Captcha-solving Services. Big Data Mining and Analytics, CCF-T2.

PDF Cite

Binbin Zhao, Haiqin Weng, Shouling Ji, Jianhai Chen, Ting Wang, Qinming He, Raheem Beyah (2018). Towards Evaluating the Security of Real-world Deployed Image CAPTCHAs. Proceedings of the 11th ACM Workshop on Artificial Intelligence and Security (AISec 2018), co-located with CCS.

PDF Cite

Experience

 
 
 
 
 
ZJU 100 Young Professor
Zhejiang University
Mar 2025 – Present Hangzhou
 
 
 
 
 
Research Engineer II
CAP Lab, Georgia Institute of Technology
Aug 2023 – Jan 2025 Atlanta
 
 
 
 
 
Research Assistant
CAP Lab, Georgia Institute of Technology
Aug 2019 – Aug 2023 Atlanta

Contact