😀 About Me

Hi, there! I’m a master’s student at Huazhong University of Science and Technology (HUST), supervised by Prof. Haoyu Wang, working with folks at Security PRIDE Research Group. Previously, I received my B.Eng. degree at Xidian University, under the supervision of Prof. Hui Li, in June 2023.

I am interested in the intersection of security, program analysis, and AI systems. Specifically, I focus on developing impactful, real-world solutions for detecting and defending against vulnerabilities in a wide range of systems, including Open-Source Software Supply Chains, Cross-Platform Endpoints, and LLM Infrastructures.

  • OSS Security: NPM/PyPI code poisoning (ASE’23, ASE’24)
  • Endpoint Security: ransomware (CCS’24), miniapp security (ASE’23) & privacy (TOSEM, SaTS’23)
  • LLM Infra Security: pre-trained model supply chain (TOSEM, ASE’24)

If you would like to reach me, please send an email to shenaowang AT hust.edu.cn

🎉 News

  • 🔝 02/2025: Excited to announce the 1st workshop on LLMSC, co-located with ISSTA’25! Join us in Trondheim, Norway!

  • 🔝 12/2024: We are actively maintaining the Awesome-LLM-Supply-Chain-Security. Welcome to star, fork, and contribute!

  • 12/2024: Our paper working on MiniApp privacy was accepted by TOSEM!

  • 11/2024: Two papers working on LLM Apps and Supply Chain were accepted by TOSEM 2030 SE Roadmap!

  • 11/2024: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2024.

  • 08/2024: Two papers working on OSS/LLM supply chain security were accepted by ASE 2024 (Industry Showcase)!

  • 07/2024: Our paper on ransomware detection in industrial environments was accepted by CCS 2024. See you in Salt Lake City!

  • 12/2023: We won the third prize in Software Research Prototype System Competition of ChinaSoft 2023.

  • 08/2023: Our paper on malicious npm/pypi package detection was accepted by ASE 2023 (Industry Challenge Track).

  • 07/2023: Our paper on WeChat AppSecret Leaks was accepted by ASE 2023.

  • 06/2023: I received my B.Eng. degree at Xidian University. :)

  • 05/2023: I was invited to give a presentation at the first Cyber Security Innovation Forum in Wuhan.

  • 09/2022: I became a member of SECURITY PRIDE Research Group.

📝 Publications

(* Equal Contribution)

Preprint

  • [arXiv] SoK: Understanding Vulnerabilities in the Large Language Model Supply Chain
    Shenao Wang, Yanjie Zhao, Zhao Liu, Quanchen Zou, Haoyu Wang [Paper]

  • [arXiv] Model Context Protocol (MCP): Landscape, Security Threats, and Future Research Directions
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang [Paper]

  • [arXiv] Large Language Models for Cyber Security: A Systematic Literature Review
    Hanxiang Xu, Shenao Wang, Ningke Li, Kailong Wang, Yanjie Zhao, Kai Chen, Ting Yu, Yang Liu, Haoyu Wang [Paper]

  • [arXiv] Seeing is (Not) Believing: Practical Phishing Attacks Targeting Social Media Sharing Cards
    Wangchenlu Huang, Shenao Wang, Yanjie Zhao, Guosheng Xu, Haoyu Wang [Paper]

Conference

  • [CCS’24] CanCal: Towards Real-time and Lightweight Ransomware Detection and Response in Industrial Environments
    Shenao Wang*, Feng Dong*, Hangfeng Yang, Jingheng Xu, and Haoyu Wang.
    The 2024 ACM SIGSAC Conference on Computer and Communications Security (CCS’24) [Paper]

  • [ASE’24] Models Are Codes: Towards Measuring Malicious Code Poisoning Attacks on Pre-trained Model Hubs
    Jian Zhao*, Shenao Wang*, Yanjie Zhao, Xinyi Hou, Kailong Wang, Peiming Gao, Yuanchao Zhang, Chen Wei, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]

  • [Internetware’25] GPT Store Mining and Analysis
    Dongxun Su, Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang
    Proceedings of the 15th Asia-Pacific Symposium on Internetware [Paper]

  • [ASE’24] Towards Robust Detection of Open Source Software Supply Chain Poisoning Attacks in Industry Environments
    Xinyi Zheng*, Chen Wei*, Shenao Wang, Yanjie Zhao, Peiming Gao, Yuanchao Zhang, Kailong Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), Industry Showcase [Paper] [Repo]

  • [ASE’24] GPTZoo: A Large-scale Dataset of GPTs for the Research Community
    Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang
    The 39th IEEE/ACM International Conference on Automated Software Engineering (ASE’24), NIER Track [Paper] [Repo]

  • [ASE’23] MalWuKong: Towards Fast, Accurate, and Multilingual Detection of Malicious Code Poisoning in OSS Supply Chains
    Ningke Li, Shenao Wang, Mingxi Feng, Kailong Wang, Meizhen Wang, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23), Industry Challenge Track [Paper] [Repo]

  • [ASE’23] WeMinT: Tainting Sensitive Data Leaks in WeChat Mini-Programs
    Shi Meng, Liu Wang, Shenao Wang, Kailong Wang, Xusheng Xiao, Guangdong Bai, Haoyu Wang.
    The 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) [Paper] [Repo]

Journal

  • [TOSEM] MiniScope: Automated UI Exploration and Privacy Inconsistency Detection of MiniApps via Two-phase Iterative Hybrid Analysis
    Shenao Wang, Yuekang Li, Kailong Wang, Yi Liu, Hui Li, Yang Liu, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM) [Paper] [Repo]

  • [TOSEM] Large Language Model Supply Chain: A Research Agenda
    Shenao Wang, Yanjie Zhao, Xinyi Hou, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper] [Repo]

  • [TOSEM] LLM App Store Analysis: A Vision and Roadmap
    Yanjie Zhao, Xinyi Hou, Shenao Wang, Haoyu Wang.
    ACM Transactions on Software Engineering and Methodology (TOSEM), Special Issue: 2030 Software Engineering Roadmap [Paper]

Workshop

  • [SE 2030] Towards Reliable Vector Database Management Systems: A Software Testing Roadmap for 2030
    Shenao Wang, Yanjie Zhao, Yinglin Xie, Zhao Liu, Xinyi Hou, Quanchen Zou, Haoyu Wang [Paper]

  • [SaTS’23] On the Usage-scenario-based Data Minimization in Mini Programs
    Shenao Wang, Yanjie Zhao, Kailong Wang, Haoyu Wang.
    The 2023 ACM Workshop on Secure and Trustworthy Superapps (SaTS), co-located with CCS [Paper]

🔗 Service

Sub Reviewer

  • 2025: S&P, FSE, ISSTA, NSDI, AsiaCCS, IWQoS
  • 2024: CCS, FSE, ISSTA, WWW, IMC, Internetware, MSR, EASE, MobileSoft, SaTS, MobiLLM, LCTES

Publicity & Web Chair

  • LLMSC Workshop @ISSTA 2025

👾 Experience

Education

  • 09/2019 - 06/2023, B.Eng., Xidian University, Xi’an, China.
  • 09/2023 - until now, M.S., Huazhong University of Science and Technology, Wuhan, China.

Intern

  • 01/2024 - 02/2024, Research Intern, Ant Group (MYbank), Hangzhou, China.
  • 09/2024 - until now, Research Intern, Jinyinhu Lab, Wuhan, China.

🏆 Honors & Awards

Awards

  • 2024 - Third Prize, Prototype Competition in ChinaSoft’24 [Reference]
  • 2023 - Bronze Award, National Innovation Competition [Reference]
  • 2023 - Third Prize, Prototype Competition in ChinaSoft’23 [Reference]
  • 2022 - First Prize, National Digital Forensics Competition (19/764) [Reference]
  • 2022 - First Prize & Most Valuable Award, National College Student Information Security Contest (2/728) [Reference]
  • 2022 - Meritorious Winner, MCM/ICM (Problem A) [Reference]
  • 2021 - First Prize, National Cryptographic Competition (16/121) [Reference]
  • 2021 - First Prize, CUMCM in Shaanxi Province [Reference]

Honors

  • 2024 - National Scholarship, Ministry of Education of P.R. China [Reference]
  • 2024 - Merit Student, Huazhong University of Science and Technology [Reference]
  • 2023 - Outstanding Graduate of Shaanxi Province [Reference]
  • 2023 - Outstanding Bachelor Thesis, Xidian University [Reference]
  • 2022 - President Scholarship, Xidian University (5 undergraduates among 5300+) [Reference]
  • 2022 - National Scholarship, Ministry of Education of P.R. China (Top 1%) [Reference]
  • 2022 - Xiaomi Special Scholarship (5 undergraduates among 5300+)
  • 2021 - Excellent Student Cadre, Xidian University
  • 2021 - National Encouragement Scholarship, Ministry of Education of P.R. China
  • 2020 - Pacemaker to Merit Student, Xidian University
  • 2020 - Special Scholarship, Xidian University (Top 1%)

🌟 Grants

  • Multilingual Program Analysis
    Cybersecurity College Student Innovation Funding Program
    Funded by CSAC and AntGroup, 2024.7 until now

  • Permission Abuse Detection in Android/iOS Apps
    Cybersecurity College Student Innovation Funding Program (Excellent Project [6/240])
    Funded by CSAC and NIO, 2022.7-2023.11


© Copyright 2025 Shenao Wang. Last Updated: 4 Jan, 2025