Publications

Published research papers on software security and engineering in prestigious conferences and journals including USENIX Security (2021, 2022, 2023), ICSE (2021, 2024, 2025), S&P (2017), ASE (2025), DSN (2021, 2022, 2025), ACSAC (2021), ESORICS (2024), and IEEE ACCESS (2022, 2023).

: Top-tier conferences

2025

CRYPTBARA: Dependency-Guided Detection of Python Cryptographic API Misuses (Accepted)
Seogyeong Cho, Seungeun Yu, Seunghoon Woo
40th IEEE/ACM Automated Software Engineering Conference (ASE 2025)
ZCOVER: Uncovering Z-Wave Controller Vulnerabilities Through Systematic Security Analysis of Application Layer Implementation
Carlos Nkuba Kayembe, Jimin Kang, Seunghoon Woo*, Heejo Lee* (* Co-corresponding authors)
55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2025)
[paper] [slide] [code]
TIVER: Identifying Adaptive Versions of C/C++ Third-Party Open-Source Components Using a Code Clustering Technique
Youngjae Choi, Seunghoon Woo
47th International Conference on Software Engineering (ICSE 2025)
[paper] [slide] [code] [article1] [article2]
Enhancing Code Vulnerability Detection Using CodeGraphBERT Deep Learning Techniques
Zeinab Shahbazi, Meshkat Mesbah, Seunghoon Woo
9th International Conference on Innovation in Artificial Intelligence (ICIAI 2025)
A Large-Scale Analysis of the Effectiveness of Publicly Reported Security Patches
Seunghoon Woo, Eunjin Choi, Heejo Lee
Computers & Security (COSE 2025, IF:5.4)
[paper]

2024

BLOOMFUZZ: Unveiling Bluetooth L2CAP Vulnerabilities via State Cluster Fuzzing with Target-Oriented State Machines
Pyeongju Ahn, Yeonseok Jang, Seunghoon Woo*, Heejo Lee* (* Co-corresponding authors)
29th European Symposium on Research in Computer Security (ESORICS 2024)
[paper] [slide] [code]
CNEPS: A Precise Approach for Examining Dependencies among Third-Party C/C++ Open-Source Components
Yoonjong Na, Seunghoon Woo*, Joomyeong Lee, Heejo Lee* (* Co-corresponding authors)
46th International Conference on Software Engineering (ICSE 2024)
[paper] [slide] [code] [article1] [article2]

2023

V1SCAN: Discovering 1-day Vulnerabilities in Reused C/C++ Open-source Software Components Using Code Classification Techniques
Seunghoon Woo, Eunjin Choi, Heejo Lee, Hakjoo Oh
32nd USENIX Security Symposium (Security 2023)
[paper] [slide] [code] [article1]
ZMAD: Lightweight Model-based Anomaly Detection for the Structured Z-Wave Protocol
Carlos Nkuba Kayembe, Seunghoon Woo, Heejo Lee, Sven Dietrich
IEEE ACCESS (2023, IF:3.476)
[paper]

Before 2023

MOVERY: A Precise Approach for Modified Vulnerable Code Clone Discovery from Modified Open-Source Software Components
Seunghoon Woo, Hyunji Hong, Eunjin Choi, Heejo Lee
31st USENIX Security Symposium (Security 2022)
[paper] [slide] [code] [article1] [article2]
L2Fuzz: Discovering Bluetooth L2CAP Vulnerabilities Using Stateful Fuzz Testing
Haram Park, Carlos Nkuba Kayembe, Seunghoon Woo, Heejo Lee
52nd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2022)
[paper] [slide] [code]
CIRCUIT: A JavaScript Memory Heap-Based Approach for Precisely Detecting Cryptojacking Websites
Seunghoon Woo*, Hyunji Hong*, Sunghan Park*, Jeongwook Lee, Heejo Lee (* contributed equally)
IEEE ACCESS (2022, IF:3.476)
[paper]
xVDB: A High-Coverage Approach for Constructing a Vulnerability Database
Hyunji Hong, Seunghoon Woo, Eunjin Choi, Jihyun Choi, Heejo Lee
IEEE ACCESS (2022, IF:3.476)
[paper]
DICOS: Discovering Insecure Code Snippets from Stack Overflow Posts by Leveraging User Discussions
Hyunji Hong, Seunghoon Woo, Heejo Lee
Annual Computer Security Applications Conference (ACSAC 2021)
[paper] [slide] [code]
V0Finder: Discovering the Correct Origin of Publicly Reported Software Vulnerabilities
Seunghoon Woo, Dongwook Lee, Sunghan Park, Heejo Lee, Sven Dietrich
30th USENIX Security Symposium (Security 2021)
[paper] [slide] [code] [article1] [article2]
OctoPoCs: Automatic Verification of Propagated Vulnerable Code Using Reformed Proofs of Concept
Seongkyeong Kwon, Seunghoon Woo, Gangmo Seong, Heejo Lee
51st IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021)
[paper] [slide] [code]
CENTRIS: A Precise and Scalable Approach for Identifying Modified Open-Source Software Reuse
Seunghoon Woo, Sunghan Park, Seulbae Kim, Heejo Lee, Hakjoo Oh
43rd International Conference on Software Engineering (ICSE 2021)
[paper] [slide] [code] [article1] [article2]
Poster: IoTcube: an automated analysis platform for finding security vulnerabilities
Seulbae Kim, Seunghoon Woo, Heejo Lee, Hakjoo Oh
38th IEEE Symposium on Poster presented at Security and Privacy (S&P Poster 2017)
[paper]
VUDDY: A Scalable Approach for Vulnerable Code Clone Discovery
Seulbae Kim, Seunghoon Woo, Heejo Lee, Hakjoo Oh
38th IEEE Symposium on Security and Privacy (S&P 2017)
[paper] [slide] [code] [article1] [article2]

Domestic Publications

COTS 바이너리의 1-day 취약점 탐지를 위한 Patch Presence Test 연구
양희동, 이정우, 우승훈
한국정보보호학회 CISC-S (2025)
공급망 보안을 위한 소프트웨어 명세서(SBOM) 개선 연구
최영재, 양희동, 우승훈
정보보호학회지 (2025)
[link]
Web 3.0 시대 핵심 기술, 블록체인 보안 위협 전망 및 분석
우승훈, 이건우, 이태준, 최윤성, 이희조, 민경식, 박진상
KISA INSIGHT (2023)
[paper]
오픈소스 SW 취약점 분석 및 탐지기술 동향
우승훈, 홍현지, 이희조
OSIA Standards & Technology Review Journal (2022)
[paper]
공급망 보안을 위한 오픈소스 소프트웨어 취약점 관리 기술
홍현지, 우승훈, 이희조
정보보호학회지 (2022)
[paper]

Patents

METHOD AND APPARATUS FOR GENERATING ADAPTIVE VERSION COVERING VERSION DISTRIBUTION OF REUSED OPEN SOURCE SOFTWARE COMPONENT
Seunghoon Woo, Youngjae Choi
Domestic, Application, 10-2025-0123459, Sep. 1. 2025. [material]
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Heejo Lee, Seunghoon Woo
International (EU), Registration, EP4033380B1, Apr. 16. 2025. [material]
METHOD AND APPARATUS FOR DETECTING PROPAGATION OF SECURITY VULNERABILITIES OF OPEN SOURCE SOFTWARE INHERENT IN COMPONENTS OF TARGET SOFTWARE
Heejo Lee, Seunghoon Woo
Domestic, Application, 10-2024-0023236, Feb. 19. 2024. [material]
METHOD FOR IDENTIFYING OPEN-SOURCE SOFTWARE COMPONENTS AT THE SOURCE-CODE LEVEL
Heejo Lee, Seunghoon Woo
International (US), Registration, 11836486, Dec. 5. 2023. [material]