基本信息
苏璞睿  男  博导  中国科学院软件研究所
电子邮件: purui@iscas.ac.cn
通信地址: 北京市海淀区中关村南四街4号
邮政编码: 100190

研究领域

软件漏洞分析与利用、恶意代码深度分析与检测、软件安全性分析与评估、移动互联网安全

招生信息

网络空间安全,软件工程,软件安全等

招生专业
083500-软件工程
083900-网络空间安全
招生方向
网络空间安全,可信计算与信息保障
软件工程

教育背景

2013-12--中国科学院软件研究所   研究员
1999-09--2005-03   中国科学院软件研究所   获博士学位
1995-09--1999-07   北京师范大学   获学士学位
学历

1995—1999 年,北京师范大学信息技术与管理学系,获学士学位

1999—2005年,中国科学院软件研究所,获博士学位

工作经历

2005—2007年,中国科学院软件研究所助理研究员
2007—2013年,中国科学院软件研究所副研究员,硕士生导师 
2014年至今,中国科学院软件研究所研究员,博士生导师
社会兼职
2018-12-31-2019-09-30,RAID 2019大会主席, 大会主席
2017-09-10-今,北京市通讯学会移动终端专业委员会, 副主任委员
2017-06-06-今,RAID 2017程序委员会委员, 委员
2014-05-18-今,中国密码学会安全协议专业委员会, 委员

专利与奖励

   
奖励信息
(1) APT攻击检测关键技术研究与应用, 一等奖, 部委级, 2018
(2) 恶意软件深度分析关键技术及应用, 二等奖, 省级, 2017
(3) 恶意代码检测技术, 三等奖, 部委级, 2010
(4) 等级保护支撑平台研制与应用, 三等奖, 省级, 2006

出版信息

   
发表论文
[1] Xu Peng, Yanhao Wang, hong Hu, 苏璞睿. Testing the Binding Code of Scripting Languages with Cooperative Mutation. Network and Distributed Systems Security (NDSS) Symposium 2022null. 2022, [2] Yuwei Liu, Yanhao Wang, 苏璞睿, jia xiangkun, Yuanping Yu. InstruGuard: Find and Fix Instrumentation Errors for Coverage-based Greybox Fuzzing. The 36th IEEE/ACM International Conference on Automated Software Engineering[J]. 2021, [3] 苏璞睿. Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization. Network and Distributed Systems Security Symposium(NDSS 2020,网络安全四大会议). 2020, [4] 苏璞睿. One Engine To Serve ’em All: Inferring Taint Rules Without Architectural Semantics. Network and Distributed Systems Security Symposium 2019(NDSS 2019,网络安全四大会议). 2019, [5] Cai Yan, Zhu Biyun, Meng Ruijie, Yun Hao, He Liang, Su Purui, Liang Bin, Dumas M, Pfahl D, Apel S, Russo A. Detecting Concurrency Memory Corruption Vulnerabilities. ESEC/FSE'2019: PROCEEDINGS OF THE 2019 27TH ACM JOINT MEETING ON EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERINGnull. 2019, 706-717, http://dx.doi.org/10.1145/3338906.3338927.
[6] Wang Yanhao, Chua Zheng Leong, Liu Yuwei, Su Purui, Liang Zhenkai, Wang X, Lo D, Shihab E. Fuzzing Program Logic Deeply Hidden in Binary Program Stages. 2019 IEEE 26TH INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING (SANER)null. 2019, 105-116, http://apps.webofknowledge.com/CitedFullRecord.do?product=UA&colName=WOS&SID=5CCFccWmJJRAuMzNPjj&search_mode=CitedFullRecord&isickref=WOS:000469754100013.
[7] 黄桦烽, 王嘉捷, 杨轶, 苏璞睿, 聂楚江, 辛伟. 有限资源条件下的软件漏洞自动挖掘与利用. 计算机研究与发展[J]. 2019, 56(11): 2299-2314, http://lib.cqvip.com/Qikan/Article/Detail?id=7100172991.
[8] 苏璞睿. LEMNA: Explaining Deep Learning based Security Applications. The 25th ACM Conference on Computer and Communications Security. 2018, [9] 苏璞睿. Automated Assessing Crashes From Heap Overflow. the 32nd IEEE/ACM International Conference on Automated Software Enginerring(ASE 2017. 2017, [10] Jia, Xiangkun, Zhang, Chao, Su, Purui, Yang, Yi, Huang, Huafeng, Feng, Dengguo, USENIX Assoc. Towards Efficient Heap Overflow Discovery. PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY '17)null. 2017, 989-1006, http://apps.webofknowledge.com/CitedFullRecord.do?product=UA&colName=WOS&SID=5CCFccWmJJRAuMzNPjj&search_mode=CitedFullRecord&isickref=WOS:000428763700058.
[11] Gu, Yacong, Sun, Kun, Su, Purui, Li, Qi, Lu, Yemian, Feng, Dengguo, Ying, Lingyun, IEEE. JGRE: An Analysis of JNI Global Reference Exhaustion Vulnerabilities in Android. 2017 47TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN)null. 2017, 427-438, [12] Feng Dengguo. Attacks and Defence on Android Free Floating Windows. The 11th ACM Asia Conference on Computer and Communications Security (ASIACCS 2016). 2016, [13] 苏璞睿. Exploiting Android System Services Through Bypassing Service Helpers. 12th EAI International Conference on Security and Privacy in Communication Networks(SecureCOMM 2016)). 2016, [14] Ying Lingyun. Meining Nie, Purui Su, Qi Li, Zhi Wang, Lingyun Ying, Jinlong Hu, Dengguo Feng. Xede: Practical Exploit Early Detection, RAID 2015.. RAID 2015. 2015, [15] 苏璞睿. Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries. ACSAC 2015. 2015, [16] 苏璞睿. Direct Resource Hijacking in Android is Still Dangerous. IEEE Internet Computing. 2015, [17] Cheng Yao, Xu Chang, Yang Yi, Ying Linyun, Su Purui, Feng Dengguo, IEEE. Automated User Profiling in Location-based Mobile Messaging Applications. 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM)null. 2014, 18-26, [18] 苏璞睿. Revisiting Node Injectiong of P2P Botnet. The 8th International Conference on Network and System Security (NSS). 2014, [19] 聂楚江, 刘海峰, 苏璞睿, 冯登国. 一种面向程序动态分析的循环摘要生成方法. 电子学报. 2014, 42(6): 1110-1117, http://lib.cqvip.com/Qikan/Article/Detail?id=662341767.
[20] 苏璞睿. Long Term Tracking and Characterization of P2P Botnet. International Conference on Trust, Security and Privacy in Computing and Communications. 2014, [21] 苏璞睿. Fast-Flux服务网络特征分析. 计算机系统应用. 2013, [22] 苏璞睿. OSNGuard: Detecting Worms with User Interaction Traces in Online Social Networks. ICICS 2013: 15th International Conference on Information and Communications Security. 2013, [23] Cheng Yao, Ying Lingyun, Jiao Sibei, Su Purui, Feng Dengguo. Bind your phone number with caution: automated user profiling through address book matching on smartphone. ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Securitynull. 2013, 335-340, http://ir.iscas.ac.cn/handle/311060/15978.
[24] 和亮, 冯登国, 王蕊, 苏璞睿, 应凌云. 基于MapReduce的大规模在线社交网络蠕虫仿真. 软件学报. 2013, 24(7): 1666-1682, http://lib.cqvip.com/Qikan/Article/Detail?id=46248065.
[25] Jun Jiang, Meining Nie, Purui Su, Dengguo Feng. VCCBox: Practical Confinement of Untrusted Software in Virtual Cloud Computing. ICST International Conference on Security and Privacy in Communication Networksnull. 2013, http://ir.iscas.ac.cn/handle/311060/16374.
[26] Wang, Minghua, Su, Purui, Li, Qi, Ying, Lingyun, Yang, Yi, Feng, Dengguo, Zia, T, Zomaya, A, Varadharajan, V, Mao, M. Automatic Polymorphic Exploit Generation for Software Vulnerabilities. SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2013null. 2013, 127: 216-+, [27] 王蕊, 冯登国, 杨轶, 苏璞睿. 基于语义的恶意代码行为特征提取及检测方法. Journal of Software[J]. 2012, 23(2): 378-393, http://lib.cqvip.com/Qikan/Article/Detail?id=40707473.
[28] 刘豫, 聂眉宁, 苏璞睿, 冯登国. 基于可回溯动态污点分析的攻击特征生成方法. 通信学报. 2012, 33(5): 21-28, http://lib.cqvip.com/Qikan/Article/Detail?id=41881866.
[29] 王蕊, 冯登国, 杨轶, 苏璞睿. 基于语义的恶意代码行为特征提取及检测方法. Journal of Software[J]. 2012, 23(2): 378-393, http://lib.cqvip.com/Qikan/Article/Detail?id=40707473.
[30] 应凌云, 杨轶, 冯登国, 苏璞睿. 恶意软件网络协议的语法和行为语义分析方法. 软件学报. 2011, 22(7): 1676-1689, http://lib.cqvip.com/Qikan/Article/Detail?id=38271864.
[31] 苗光胜, 冯登国, 苏璞睿. P2P信任模型中基于模糊逻辑的共谋团体识别方法. 计算机研究与发展. 2011, 48(12): 2187-2200, http://lib.cqvip.com/Qikan/Article/Detail?id=40227811.
[32] 王蕊, 苏璞睿, 杨轶, 冯登国. 一种抗混淆的恶意代码变种识别系统. 电子学报. 2011, 39(10): 2322-2330, http://lib.cqvip.com/Qikan/Article/Detail?id=39769781.
[33] 陈恺, 冯登国, 苏璞睿, 张颖君. 基于彩色污点传播的黑盒测试方法. 中国科学:信息科学. 2011, 41(5): 526-540, http://lib.cqvip.com/Qikan/Article/Detail?id=37682112.
[34] 杨轶, 苏璞睿, 应凌云, 冯登国. 基于行为依赖特征的恶意代码相似性比较方法. 软件学报. 2011, 22(10): 2438-2453, http://lib.cqvip.com/Qikan/Article/Detail?id=39399601.
[35] Yi Yang, Lingyun Ying, Rui Wang, Purui Su, Dengguo Feng. Depsim: a dependency-based malware similarity comparison system. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)null. 2011, 503-522, http://124.16.136.157/handle/311060/14329.
[36] 陈恺, 冯登国, 苏璞睿, 聂楚江, 张晓菲. 一种多周期漏洞发布预测模型. 软件学报. 2010, 2367-2375, http://lib.cqvip.com/Qikan/Article/Detail?id=35075625.
[37] 冯登国. CloudSEC: A Cloud Architecture for Composing Collaborative Security Services. IEEE Second International Conference on Cloud Computing Technology and Science. 2010, [38] 苏璞睿. A Semantic-based Malware Behavior Feature Extractiong System. 2010 International Conference on Information Security and Artificial Intelligence(ISAI 2010). 2010, [39] 苏璞睿. Behavior Profile-Based Detector of Colluding Group in P2P Trust System. First International Workshop on Trust Management in P2P Systems (IWTMP2PS 2010). 2010, [40] 陈恺, 冯登国, 苏璞睿. 基于延后策略的动态多路径分析方法. 计算机学报. 2010, 33(3): 493-503, http://lib.cqvip.com/Qikan/Article/Detail?id=33205087.
[41] 许佳, 冯登国, 苏璞睿. 基于动态对等网层次结构的网络预警模型研究. 计算机研究与发展. 2010, 1574-1586, http://lib.cqvip.com/Qikan/Article/Detail?id=35181883.
[42] 苗光胜, 冯登国, 苏璞睿. P2P信任模型中基于行为相似度的共谋团体识别模型. 通信学报. 2009, 9-20, http://lib.cqvip.com/Qikan/Article/Detail?id=31453780.
[43] 王祥根, 司端锋, 冯登国, 苏璞睿. 一种基于自修改代码技术的软件保护方法. 中国科学院研究生院学报. 2009, 688-694, http://lib.cqvip.com/Qikan/Article/Detail?id=31752410.
[44] 王祥根, 司端锋, 冯登国, 苏璞睿. 基于代码覆盖的恶意代码多路径分析方法. 电子学报. 2009, 701-705, http://lib.cqvip.com/Qikan/Article/Detail?id=30213933.
[45] Wang Xianggen, Feng Dengguo, Su Purui, Bao F, Li H, Wang G. Reconstructing a Packed DLL Binary for Static Analysis. INFORMATION SECURITY PRACTICE AND EXPERIENCE, PROCEEDINGSnull. 2009, 5451: 71-+, [46] 应凌云, 冯登国, 苏璞睿. 基于P2P的僵尸网络及其防御. 电子学报. 2009, 37(1): 31-37, http://lib.cqvip.com/Qikan/Article/Detail?id=29425594.
[47] 苏璞睿. ReconBin: Reconstruct Binary File from Execution for Software Static Analysis. IEEE SSIRI. 2009, [48] Nie Meining, Su Purui, Li Qi, Wang Zhi, Ying Lingyun, Hu Jinlong, Feng Dengguo. Xede: Practical exploit early detection (EI收录). http://www.corc.org.cn/handle/1471x/2040642.
发表著作
(1) 软件安全分析与应用, 清华大学出版社, 2017-10, 第 1 作者