PhD Candidates
Bing-Kai Hong 洪稟凱 PhD NICT18SumNICT19Intern
Cohort 2019 · Expected graduation 學年度 114 · Senior PhD candidate
5G Base Station security · rogue Base Station detection · MEC-based attack detection · O-RAN security
★ 2019 MOST Excellent PhD Scholarship · 2021 TANET Best Paper · 2023 WPMC Travel Grant
Guang-Jhe Lin 林廣哲 PhD
Incoming PhD · joining 學年度 114
O-RAN security · Near-RT RIC · E2 interface attacks · race condition analysis
★ 2026 ICBIR Best Paper Award
Master's (Senior) · 碩二
- 謝宗諺
- 戴瑋宏 ★ 2026 CISC Best Paper
Master's (Junior) · 碩一
- 陳柏宏 BUT26Spr
Master's (Incoming) · 碩零
- 劉沛安 — Fall 2026 incoming
- 張誌麟 — Fall 2026 incoming
Undergraduate Researchers · 大學專題
- 王德元
- 陳昱瑋
- 許良宏
Research Themes · 研究主軸
O-RAN defense
O-RAN 攻擊面分析與防禦機制
Systematic study of O-RAN's open interfaces (E2, F1AP, xApps, rApps) — building both threat models and defensive primitives across Near-RT RIC, Non-RT RIC, and the SMO.
- Anomaly detection on Near-RT RIC for xApp / E2 threats — IEEE OJCOMS 2025
- F1AP conformance testing — IEEE OJCOMS 2026
- Low-rate DoS detection via federated learning — IEEE VTM 2025
- Malicious rApp eavesdropping & exfiltration on Non-RT RIC — CANDAR 2025
- Race condition on E2 subscription — ICBIR 2026
Rogue Base Station attacks & defenses
惡意基地台攻擊與偵測
Software-defined radio + open-source 5G stack + lightweight container virtualization to realize and detect rogue / MITM Base Stations in 5G private networks. Detection runs on the MEC edge.
- Signaling forgery via virtualized rogue Base Station containers — CISC 2020 Best Paper
- MEC-based rogue Base Station detection APP for 5G private networks — TANET 2021 Best Paper
- xApp-driven rogue Base Station detection on SDR-enabled O-RAN — INFOCOM NGOPERA 2023
- 5G NSA ML-based rogue Base Station classifier — CISC 2022 Best Student Paper
- MEC + AIoT integration — IEEE IoT Mag 2022
Looking ahead · 未來方向
NTN (Non-Terrestrial Network) Security
Extending O-RAN attack-model + SDR detection platform to satellite / 5G-NTN — UE ↔ satellite ↔ ground signalling threats, rogue-satellite detection, inter-satellite routing resilience.
PhD Candidate (cross-listed)
Bing-Kai Hong 洪稟凱 PhD
Cohort 2019 · Cross-listed (5G/IoT)
IoT endpoint detection & response · firmware emulation · digital twins
Master's (Senior) · 碩二
- 賴品境 — OS TA 2025
- 林后緯 — OS TA 2025
- 鄭帆修
- 陳首吉 — 提早半年
Master's (Junior) · 碩一
- 單業儒
- 彭柏睿
Master's (Incoming) · 碩零
- 許雅涵 — Fall 2026 incoming
- 莊楷崴 — Fall 2026 incoming
Undergraduate Researchers · 大學專題
- 徐牧遠 ★ DEVCORE 獎學金
- 吳秉彥
- 李柏聰
- 劉耀恩
Research Themes · 研究主軸
Vulnerability discovery
IoT 漏洞挖掘
Concolic execution, hybrid static-dynamic analysis, and LLM-assisted exploit generation to discover authentication-bypass and protocol-level vulnerabilities in IoT firmware across architectures.
- Guided concolic execution for auth bypass in IoT — NDSS 2024 poster
- AngrySpider hybrid multi-binary vulnerability discovery — CISC 2026 (finalist)
- Firmulti Fuzzer multi-process vulns via full-system emulation + VMI — CCS CPSIoTSec 2023
- MQTT fuzzing with Trampoline OTA — MOST UG 2025
Firmware emulation & virtual patching
IoT 韌體模擬與虛擬修補
Digital-twin–based firmware emulation enables edge-level endpoint detection & response (EDR) and virtual patching — fixing vulnerable IoT devices via gateway-side mitigation instead of OTA flashing.
- Digital twin EDR via firmware emulation — IEEE IoT Mag 2024
- Mobility-based epidemic model for IoT malware spread — IEEE Access 2022
- Hybrid edge threat detection for O-RAN private networks — IEEE CNS Cyber Resilience 2025
- Firmware NVRAM dependency parsing (FirmFE) — IEEE WPMC 2023
Master's (Senior) · 碩二
- 鄭依淳 Yi-Shun Cheng NICT24SumNICT25Intern ★ 2026 CISC Best Student Paper
- 林禹丞 NICT25Spr ★ 2026 CISC Best Presentation
- 賴御宸
- 藍天佑 NICT25Spr
Master's (Junior) · 碩一
- 何欣蓉 NICT25Sum
- 黃竹均 NICT25Sum
- 邱若萍 NICT25Sum
- 王玟雅 NICT26Spr
Master's (Incoming) · 碩零
- 張恩瑜 — Fall 2026 incoming NICT26Spr
- 楊哲宇 — Fall 2026 incoming
Undergraduate Researchers · 大學專題
- 林之鉉
- 陳庭瑜
Research Themes · 研究主軸
IoT malware analysis
IoT 惡意程式分析
A multi-representation pipeline — function call graphs · byte sequences · printable strings · P-Code IR — for cross-architecture IoT malware classification, with NICT Japan as long-term collaborator.
- Execution-order analysis for malware robustness — ACM TECS 2025
- FCG-reinterpreted system calls — Computers & Security 2023; ICISC 2024 Best Paper
- P-Code pretraining few-shot cross-architecture — CISC 2026 Best Presentation
- Printable strings classifier — IEEE TrustCom 2020 Best Paper
- TOM-Net few-shot open-set transductive meta-learning — PST 2025
Adversarial and poisoning attacks
機器學習對抗式與資料中毒攻擊
Building black-box attacks, stealthy backdoors, and explainability-driven adversarial samples against ML-driven security models; co-developed with IBM Watson Trusted AI Group.
- AutoZOOM autoencoder-based zeroth-order black-box attack — AAAI 2019 · 557 citations
- Backdoor attack on malware classifiers — CISC 2021 Best Paper
- Graph-feature adversarial sample generation — CISC 2022 Best Paper
- Robustness evaluation framework for IoT-based detectors — CISC 2022 Best Student Paper
- Adversarial attacks on consumer-IoT AI malware detection — IEEE Consumer Electronics Mag 2025