My research interests include malware analysis, reverse engineering, LLM security, LLM-based automated analysis systems, and automated vulnerability detection. I am currently engaged in vulnerability detection research as a research intern in Professor Jianwei Zhuge’s group at the Network and Information Security Laboratory (NISL), Institute for Network Sciences and Cyberspace at Tsinghua University, which focuses on cyberspace security education and research. I have project experience in malware detection engines, dynamic behavior analysis, endpoint security software, and kernel firewall experiments. I have published a monograph, hold software copyrights, have pending invention patents, and contribute through technical courses and community outreach.
About
Selected Achievements
National Invention Patent Publication: Cluster Scheduling and Detection Strategy for Terminal Security Equipment (Under Substantive Examination)
Monograph: "Large Language Models Reconstructing Malware Detection" published by Tsinghua University Press
Projects
Palimpsest: LLM-Enhanced IoT Firmware Decompilation Pseudocode System
Python, LLM, Ghidra, CodeQL, Multi-Agent, Vulnerability Detection
- Palimpsest is an LLM-assisted framework that enriches the code semantics of Ghidra decompilation output so that a CodeQL database can be built from it. It is optimized specifically for IoT device firmware and CodeQL database construction.
- The primary application scenario is semantic enhancement of IoT device firmware code for CodeQL database creation, feeding subsequent CodeQL-based firmware vulnerability tracking and Software Composition Analysis (SCA).
LLM Agent-Based Automated Malware Sample Reverse Engineering System
Radare2, Qwen, RAG, Reverse Engineering, Malware Analysis
- Developed an automated malware sample reverse engineering system based on the Radare2 disassembly engine and the Qwen series of Large Language Models.
- Designed a multi-role mechanism where core roles handle task scheduling and main analysis workflow construction, while auxiliary roles clean up function disassembly results.
- Enhanced analysis precision through Retrieval-Augmented Generation (RAG) to supplement the analysis knowledge available to the models.
- Capable of analyzing samples with basic control-flow-flattening (CFF) obfuscation and generating accurate reports.
LLM-Enhanced Dynamic Behavior Analysis System for Malware
Cuckoo Sandbox, Qwen, Jinja2, Dynamic Analysis, IOC
- Implemented dynamic analysis of malware samples by combining the open-source Cuckoo Sandbox system with the Qwen series of Large Language Models.
- Automated the submission of analysis tasks to the sandbox system and performed automated interpretation of sandbox reports and attack chain reconstruction.
- Generated comprehensive dynamic behavior analysis reports using Jinja2 report templates.
- Reports include core threat behaviors of the sample, key Indicators of Compromise (IOCs), and malicious threat scoring metrics.
AETHERSCOPE Endpoint Security Software
C, Python, Qt, Windows, Endpoint Security, SQLite3
- An upgraded version of the Huiling Endpoint Security Software with refactored underlying detection capabilities.
- Implemented detection capabilities including sample hashing, binary signature matching, digital-signature features of rogue software, entropy analysis, and import table scoring.
- Adopted a hybrid local and cloud database structure for the virus database.
- Developed the underlying detection engine in C, the Windows UI in Qt, and the cloud engine and security center functions in Python.
- Planned integration of an AI malware detection engine to enhance analysis capabilities, together with kernel-level threat interception.
ECHO Malware Detection Engine
C, Python, Linux, KMP, Malware Detection
- Completely rewrote the underlying engine of the 2022 Huiling Endpoint Security Software.
- Implemented hash and binary signature matching capabilities based on the KMP algorithm, better aligning with practical detection workflows.
- Implemented in C combined with Python on Linux.
- Implemented heuristic analysis based on sample import tables, producing a coarse-grained score from the sample's imported function information.
- The project received a National Software Copyright Certificate and the Second Prize in the Guangdong Provincial Division of the National Information Literacy Competition.
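The binary signature matching that both the AETHERSCOPE and ECHO entries describe can be illustrated with a small scanner. The block below is an added example written for this page; it is not code from the ECHO, AETHERSCOPE or Huiling engines. The KMP failure table, the signature database (`EXAMPLE_DB`), the detection names and the sample buffers are all constructed for the example; the point it makes is that a signature scanner must treat 0x00 as an ordinary byte (so `strstr()` is unusable) and must not re-read input after a partial match, which is exactly what KMP's failure table provides.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A byte signature: detection name plus the raw bytes to look for.
   The signatures below are constructed for this example; they are not
   real detection content from any engine. */
typedef struct {
    const char *name;
    const uint8_t *bytes;
    size_t len;
} signature_t;

/* Build the KMP failure table: fail[i] is the length of the longest proper
   prefix of pat[0..i] that is also a suffix of it. */
static void kmp_build_table(const uint8_t *pat, size_t m, size_t *fail) {
    size_t k = 0;
    fail[0] = 0;
    for (size_t i = 1; i < m; i++) {
        while (k > 0 && pat[i] != pat[k]) k = fail[k - 1];
        if (pat[i] == pat[k]) k++;
        fail[i] = k;
    }
}

/* Return the offset of the first occurrence of pat in buf, or -1.
   Runs in O(n + m) and never moves backwards in buf, so it streams well
   over large files. Unlike strstr() it treats 0x00 as an ordinary byte. */
long kmp_find(const uint8_t *buf, size_t n, const uint8_t *pat, size_t m) {
    if (m == 0 || m > n) return -1;
    size_t *fail = malloc(m * sizeof *fail);
    if (fail == NULL) return -1;
    kmp_build_table(pat, m, fail);
    long hit = -1;
    size_t k = 0;                       /* bytes of pat matched so far */
    for (size_t i = 0; i < n; i++) {
        while (k > 0 && buf[i] != pat[k]) k = fail[k - 1];
        if (buf[i] == pat[k]) k++;
        if (k == m) { hit = (long)(i + 1 - m); break; }
    }
    free(fail);
    return hit;
}

/* Scan buf against every signature; return the first hit's name or NULL.
   On a hit, *offset receives the match position. */
const char *scan_signatures(const uint8_t *buf, size_t n,
                            const signature_t *db, size_t ndb, long *offset) {
    for (size_t s = 0; s < ndb; s++) {
        long off = kmp_find(buf, n, db[s].bytes, db[s].len);
        if (off >= 0) {
            if (offset) *offset = off;
            return db[s].name;
        }
    }
    return NULL;
}

/* Constructed signature database. SIG_A deliberately contains zero bytes. */
static const uint8_t SIG_A[] = { 0x4D, 0x5A, 0x00, 0x00, 0xE8, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t SIG_B[] = { 'A', 'A', 'A', 'B' };
const signature_t EXAMPLE_DB[] = {
    { "Example.SigA", SIG_A, sizeof SIG_A },
    { "Example.SigB", SIG_B, sizeof SIG_B },
};
const size_t EXAMPLE_DB_LEN = sizeof EXAMPLE_DB / sizeof EXAMPLE_DB[0];

/* Constructed sample buffers. */
static const uint8_t SAMPLE_CLEAN[] = { 0x90, 0x90, 0x90, 0xC3 };
static const uint8_t SAMPLE_HIT[]   = { 0x90, 0x90, 0x4D, 0x5A, 0x00, 0x00,
                                        0xE8, 0x00, 0x00, 0x00, 0x00, 0xC3 };
/* After matching "AAA" the next byte is 'A', not 'B'; the failure table
   drops the state to "AA" instead of restarting, and the match is found
   at offset 1 without re-reading any input byte. */
static const uint8_t SAMPLE_OVERLAP[] = { 'A', 'A', 'A', 'A', 'B' };

int main(void) {
    const uint8_t *samples[] = { SAMPLE_CLEAN, SAMPLE_HIT, SAMPLE_OVERLAP };
    const size_t sizes[] = { sizeof SAMPLE_CLEAN, sizeof SAMPLE_HIT, sizeof SAMPLE_OVERLAP };
    for (size_t i = 0; i < 3; i++) {
        long off = -1;
        const char *hit = scan_signatures(samples[i], sizes[i], EXAMPLE_DB, EXAMPLE_DB_LEN, &off);
        if (hit) printf("sample %zu: %s at offset %ld\n", i, hit, off);
        else     printf("sample %zu: clean\n", i);
    }
    return 0;
}
```

A production engine would hold many signatures and scan them in one pass (Aho-Corasick or a hash-prefiltered scheme), but the per-signature KMP pass above is the matching logic the ECHO entry names, and the zero-byte and overlap cases are the two that a first implementation most often gets wrong.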
Linux Kernel Firewall Experiment
Linux, Netfilter, Kernel Hook, Qt, Cybersecurity
- Hooked kernel-level APIs through the Linux Netfilter framework.
- Combined with kernel-user space communication to intercept access to specific IPs and ports.
- Supported simultaneous blocking of multiple IPs and ports.
- Implemented a simple interface using Qt.
Huiling Endpoint Security Software
Developer · C, Qt, API Hook, MD5, Endpoint Security
- A complete endpoint security software implementing malware detection via binary signature + MD5 hash matching technology.
- Includes ring 3 (user-mode) API hooking to intercept the creation of malicious files and processes.
- Implemented the underlying engine in C and the UI interface in Qt.
- The project received a National Software Copyright Certificate and the First Prize in the Guangdong Provincial Division of the National Information Literacy Competition.
Experience
Institute for Network Sciences and Cyberspace, Tsinghua University (Network and Information Security Laboratory)
Internship · Research Intern
- Participated in network and information security research.
- Focused on malware analysis, reverse engineering, and LLM-based automated analysis.
Education
Pasadena City College, USA
College · Cybersecurity
The Affiliated High School of Central China Normal University (Zhuhai), Guangdong Province
High School
Honors and Certifications
First Prize, Guangdong Provincial Division, 2023 National Information Technology Literacy Competition
National Information Technology Literacy Competition
Second Prize, Guangdong Provincial Division, 2025 National Information Technology Literacy Competition
National Information Technology Literacy Competition
First Place in Informatics Independent Recruitment Examination, The Affiliated High School of Central China Normal University (Zhuhai)
The Affiliated High School of Central China Normal University (Zhuhai)
First Place in Informatics Independent Recruitment Examination, Zhuhai Experimental Middle School
Zhuhai Experimental Middle School
Practice and Community Engagement
Tencent Volunteer Teaching 2026
AI Course Volunteer Teacher
Accumulated 140+ Hours of Volunteer Service
Volunteer
Student Union Member
Member of the School Publicity Department
School Sports Meet Referee
Referee
School New Year's Gala Volunteer
Volunteer