Penghui Li Postdoctoral Research Scientist Columbia University Email | Google Scholar | GitHub | Awards | Services

I am a Postdoctoral Research Scientist at Columbia University, working with Prof. Junfeng Yang. I did my Ph.D. with Prof. Wei Meng at the Chinese University of Hong Kong.

My research focuses on software security and program analysis for web and systems, with a recent emphasis on neuro-symbolic approaches. I combine language-based program analysis with generative AI to address security challenges such as vulnerability detection, exploit generation, and privacy violation analysis.

Selected Publications [Full List]

• FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache [PDF]
  Penghui Li, Mingxue Zhang
  In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS), October 2024
  ★ Distinguished Paper Award

• SDFuzz: Target States Driven Directed Fuzzing [PDF]
  Penghui Li, Wei Meng, Chao Zhang
  In Proceedings of the 33rd USENIX Security Symposium (Security), August 2024
  

• Holistic Concolic Execution for Dynamic Web Applications via Symbolic Interpreter Analysis [PDF]
  Penghui Li, Wei Meng, Mingxue Zhang, Chenlin Wang, Changhua Luo
  In Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P), May 2024
  

• SEDiff: Scope-Aware Differential Fuzzing to Test Internal Function Models in Symbolic Execution [PDF]
  Penghui Li, Wei Meng, Kangjie Lu
  In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (FSE), Research Track, November 2022
  

• Understanding and Detecting Performance Bugs in Markdown Compilers [PDF]
  Penghui Li, Yinxi Liu, Wei Meng
  In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering (ASE), Research Track, November 2021
  ★ Best Software Artifact Nomination

• LChecker: Detecting Loose Comparison Bugs in PHP [PDF]
  Penghui Li, Wei Meng
  In Proceedings of the Web Conference 2021 (WWW), Security Track, April 2021
  

• On the Feasibility of Automated Built-in Function Modeling for PHP Symbolic Execution [PDF]
  Penghui Li, Wei Meng, Kangjie Lu, Changhua Luo
  In Proceedings of the Web Conference 2021 (WWW), Security Track, April 2021
  

Awards

• ACM CCS Distinguished Paper Award, 2024

• USENIX Security Distinguished Artifact Reviewer, 2024

• ACM CCS Best Paper Honorable Mention, 2022

• HKSAR Reaching Out Award, 2022

• IEEE/ACM ASE Best Software Artifact Normination, 2021

• The Web Conference Student Scholarship, 2021

Services

Program Committee

• The ACM Conference on Computer and Communications Security (CCS), 2025

• Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb), 2024, 2025

• European Conference on Computer Systems (EuroSys), Shadow PC, 2024

• USENIX Security (Security), Artifact Evaluation Committee, 2024

• ACM Conference on Computer and Communications Security (CCS), Artifact Evaluation Committee, 2023

Journal Reviewer

• ACM Transactions on Software Engineering and Methodology (TOSEM)

• IEEE Transactions on Dependable and Secure Computing (TDSC)

• IEEE Transactions on Software Engineering (TSE)