HOME
ABOUT
- RESULTS
- differences
- BENEFITS
- HISTORY
- TEAM
- LOCATION
- FACILITIES
- BANKING
- MEMBERSHIPS
- APPROVALS
- LICENCES
- SUPPLIERS
- SPONSORSHIPS
- MEDIA
- PRIVACY
AUCTIONS
SHIPPING
FEES
- TS REWARDS
TOOLS
guides
FAQ
CONTACT
- CONNECT

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

PARTS
- FREE REPORT
- PARTS CONTAINERS
- PARTS SYSTEMS
- PARTS PROTECTION
- BODY SHELLS
- DISMANTLING
- ONLINE PARTS
- NEW PARTS
- INTERIOR PARTS
- EXTERIOR PARTS
  - BONNETS
  - BUMPERS
  - GRILLES
  - FENDERS
  - DOORS
  - TRUNKS
  - SPOILERS
  - LIGHTS
  - EMBLEMS
  - CAMERAS
- ENGINES
- TRANSMISSIONS
- WHEELS & TYRES
  - WHEELS
  - TYRES
CUTS
PERFORMANCE PARTS
TRUCK PARTS
MOTORBIKE PARTS
- MOTORBIKE ENGINES
- MOTORBIKE ACCESSORIES

MOTORBIKES
MARINE
FORKLIFTS
MACHINERY
AGRICULTURAL
OTHER
COUNTRY
- AUSTRALIA
- CANADA
- KENYA
- MYANMAR
- NEW ZEALAND
- PAKISTAN
- TANZANIA
- UNITED STATES

CARVIEW

MOTORHOMES

Select Language

HTTP/2 200 server: GitHub.com content-type: text/html; charset=utf-8 last-modified: Tue, 12 Aug 2025 01:13:01 GMT access-control-allow-origin: * etag: W/"689a951d-b5ca" expires: Tue, 30 Dec 2025 19:51:23 GMT cache-control: max-age=600 content-encoding: gzip x-proxy-cache: MISS x-github-request-id: 92D0:444BC:A79D26:BC2980:69542ADE accept-ranges: bytes age: 0 date: Tue, 30 Dec 2025 19:41:23 GMT via: 1.1 varnish x-served-by: cache-bom-vanm7210062-BOM x-cache: MISS x-cache-hits: 0 x-timer: S1767123683.880115,VS0,VE223 vary: Accept-Encoding x-fastly-request-id: d1d701d111388b761cbc62aa5796e1a3e9b1f184 content-length: 9167 Dr. Thuan Pham

Dr. Van-Thuan Pham

ARC DECRA Fellow & Senior Lecturer at the University of Melbourne

About

Thuan Pham is a Senior Lecturer in Cyber Security at the University of Melbourne (UoM). He has been working on scalable and high-performance fuzz testing to improve the reliability & security of software systems. Before joining UoM, he worked with Dr. Marcel Böhme at Monash University and Provost's Chair Professor Abhik Roychoudhury at National University of Singapore (NUS) as a postdoctoral Research Fellow. He received his Ph.D. degree in Computer Science from NUS in July 2017. His research, in collaboration with companies and government agencies, has led to many papers published at premier journals and conferences (e.g., TSE, EMSE, ICSE, CCS, ISSTA), one U.S. patent, and one Australian provisional patent. One of his papers won a Distinguished Paper Award at ICSE'24. He has developed several open-source automated security testing tools (e.g., AFLGo, AFLSmart, AFLNet, AFLTeam) that are responsible for 100+ (critical) vulnerabilities discovered in large real-world software systems. His research has been featured on media channels like Theregister.co.uk and Securityweek.com.

News

Feb 2025. I have been invited to join the Program Committee of ASE 2025 and FSE 2025

Apr 2024. I have been invited to join the Program Committee of ICSE 2025 and ISSTA 2025

Mar 2024. Our ICSE'24 paper "EDEFuzz: A Web API Fuzzer for Excessive Data Exposures" won a Distinguished Paper Award!

Sept 2023. I have been promoted to Senior Lecturer (US equiv. Associate Professor), effective from 1st Sept 2023.

June 2023. Our paper in collaboration with Google "Registered Report: Beyond The Coverage Plateau - A Comprehensive Study of Fuzz Blockers" has been accepted to Fuzzing 2023 Workshop

June 2023. Our paper "EDEFuzz: A Web API Fuzzer for Excessive Data Exposures" has been accepted to ICSE 2024

May 2023. I have been invited to join the Program Committee of ISSTA 2024

Dec 2022. A provisional patent has been filed for our work on detecting excessive data exposures from Web APIs

Sept 2022. I have been awarded an ARC DECRA 2023 (with ~410k AUD from ARC & 50k from UoM) to conduct my research on Human-In-The-Loop Fuzzing. A PhD position is open for this project, starting from 2023.

Sept 2022. I have been invited to join the Program Committee of ICSE 2024

Jun 2022. I have been invited to join the Dagstuhl seminar 23131 "Software Bug Detection: Challenges and Synergies"

Apr 2022. Our paper entitled "Human-in-the-Loop Oracle Learning for Semantic Bugs in String Processing Programs" has been accepted to ISSTA 2022.

Dec 2021. AFLTeam (Alpha version) has been released at https://github.com/MelbourneFuzzingHub/aflteam.

Nov 2021. I have been invited to join the Fuzzing'22 Program Committee. Please consider to submit your papers.

Oct 2021. I will be speaking at the FuzzCon Europe 2021 online conference about our work on effective parallel fuzzing.

Aug 2021. Our paper entitled "Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing" has been accepted to ASE 2021 (NIER Track).

Jan 2021. We have released ProFuzzBench - A Benchmark for Stateful Protocol Fuzzing. Please check it out.

Nov 2020. I have been invited to join the USENIX Security '21 Program Committee. Please consider to submit your papers.

July 2020. I have joined the University of Melbourne as a Lecturer in Cyber Security.

Publications

AFLNet Five Years Later: On Coverage-Guided Protocol Fuzzing

Ruijie Meng, Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
IEEE Transactions on Software Engineering (TSE'25)

PDF

EDEFuzz: A Web API Fuzzer for Excessive Data Exposures

Lianglu Pan, Shaanan Cohney, Toby Murray, and Van-Thuan Pham
ACM/IEEE International Conference on Software Engineering (ICSE) 2024

PDF

Human-in-the-Loop Oracle Learning for Semantic Bugs in String Processing Programs

Charaka Gheetal, Van-Thuan Pham, Aldeida Aleti, and Marcel Böhme
The ACM SIGSOFT International Symposium on Software Testing and Analysis 2020 (ISSTA'22)

PDF

State Selection Algorithms and Their Impact on The Performance of Stateful Network Protocol Fuzzing

Dongge Liu, Van-Thuan Pham, Gidon Ernst, Toby Murray, Benjamin I.P. Rubinstein
IEEE International Conference on Software Analysis, Evolution and Reengineering 2022 (SANER'22) (RENE Track)

PDF

Towards Systematic and Dynamic Task Allocation for Collaborative Parallel Fuzzing

Van-Thuan Pham, Manh-Dung Nguyen, Quang-Trung Ta, Toby Murray, Benjamin I.P. Rubinstein
IEEE/ACM International Conference on Automated Software Engineering 2021 (ASE'21) (NIER Track)

PDF Video

ProFuzzBench: A Benchmark for Stateful Protocol Fuzzing

Roberto Natella, and Van-Thuan Pham
ACM International Symposium on Software Testing and Analysis 2021 (ISSTA'21) (Tool Demonstrations Track)

PDF

AFLNet: A Greybox Fuzzer for Network Protocols

Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20) (Testing Tools Track)

PDF Video

Human-In-The-Loop Automatic Program Repair

Marcel Böhme, Charaka Gheetal and Van-Thuan Pham
IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20)

PDF

Smart Greybox Fuzzing

Van-Thuan Pham, Marcel Böhme, Andrew E. Santosa, Alexandru Răzvan Căciulescu and Abhik Roychoudhury
IEEE Transactions on Software Engineering (TSE) 2019 (To appear)

PDF

Coverage-based Greybox Fuzzing as Markov Chain

Marcel Böhme, Van-Thuan Pham and Abhik Roychoudhury
IEEE Transactions on Software Engineering (TSE) 2018

Directed Greybox Fuzzing

Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen and Abhik Roychoudhury
ACM Conference on Computer and Communications Security (CCS) 2017

PDF

Bucketing Failing Tests via Symbolic Analysis

Van-Thuan Pham, Sakaar Khurana, Subhajit Roy and Abhik Roychoudhury
International Conference on Fundamental Approaches to Software Engineering (FASE) 2017

PDF

Coverage-based Greybox Fuzzing as Markov Chain

Marcel Böhme, Van-Thuan Pham and Abhik Roychoudhury
ACM Conference on Computer and Communications Security (CCS) 2016

PDF

Model-based Whitebox Fuzzing for Program Binaries

Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016

PDF Slides Video

Hercules: Reproducing Crashes in Real-World Application Binaries

Van-Thuan Pham, Wei Boon Ng, Konstantin Rubinov and Abhik Roychoudhury
ACM/IEEE International Conference on Software Engineering (ICSE) 2015

PDF

Integrated Timing Analysis of Application and Operating Systems Code

Lee Kee Chong, Clement Ballabriga, Van-Thuan Pham, Sudipta Chattopadhyay and Abhik Roychoudhury
IEEE Real-time Systems Symposium (RTSS) 2013

A General Solution supporting Real-time and Remote Electrocardiogram Diagnostic based on Embedded and Mobile Technology

Dung Cao Tuan, Thuan Pham Van, Viet Hoang Anh
International Symposium on Information and Communication Technology (SoICT) 2012

Patent

Autonomous reasoning system for vulnerability analysis

Praveen Murthy, Bogdan Copos and Thuan Pham
(Short description) Automated vulnerability detection and program repair system working directly on program binaries.
United States Patent - US9767290B2

Selected Work Experience

Lecturer - University of Melbourne (From 7/2020)

Teaching and doing research on software security.

Research Fellow - Monash University (12/2018 - 6/2020)

Worked on Fuzz testing techniques for vulnerability detection.

Research Fellow - NUS (8/2017 - 11/2018)

Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

Research Associate - NUS (4/2017 - 7/2017)

Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

Research Assistant - NUS (5/2016 - 3/2017)

Worked on Fuzz testing techniques for vulnerability detection & crash reproduction.

Research Intern - Fujitsu Laboratories of America (2/2015 - 5/2015)

Involved in a team to build an automated Cyber Reasoning System (CRS) to participate in the DARPA Cyber Grand Challenge - The World’s first all-machine hacking tournament.

Lecturer - Hanoi University of Science and Technology (8/2007 - 8/2012)

Taught courses in subjects such as Microprocessors, Embedded Systems, Microsoft .NET Framework and involved in R&D and technonogy transfers activities.

Co-founder & Trainer - Embedded247 Training Center (5/2011 - 7/2012)

Designed courses & involved in training activities.

Co-founder & Research Lead - Mimas Solutions and Services jsc., (5/2011 - 7/2012)

Designed and developed prototypes for emotion & image recognition systems.

Research Intern - Orange France Telecom (2/2009 - 7/2009)

Designed and evaluated routing protocols for wireless sensor networks.

Awards

Research Achievement Award AY2014/2015 - School of Computing, NUS (AY2014/2015)

Presented to PhD students who have achieved outstanding research performance.

3rd prize VIFOTEC Scientific and Technological Innovation Award - Ministry of Science and Technology (Vietnam) (2011)

For an automatic mirror-rotation based Goniophotometer hardware & software system. The product was bought by Rang Dong Lighting Ltd., one of the biggest lighting companies in Vietnam.

Top 5 Intel & DST Asia Pacific Challenge 2011 - (2011)

For a Brain-Computer-Interace (BCI) based emotion recognition system.

1st prize Vietnamese Talent Award - (2010)

For a system helping disabled people to control electronic/electrical devices via brain signals.

Basic Information

Location:Australia
Email:thuan.pham[at]unimelb.edu.au

Openings

I am looking for one PhD student to work on fuzzing-related topics.

My Group

Postdocs
- Dr. Amirmohammad Pasdar
Research Assistants
- Wenqi Yan
- Tian Qiu (contract expired)
- Wentao Gao
- Andrew Pham (contract expired)
- Yunshui Zhang (contract expired)
- Xiaocong Zhang (contract expired)
PhD students
- Tian Qiu, University of Melbourne (from Aug 2024)
- Wenqi Yan, University of Melbourne (from Mar 2024)
- Wentao Gao, University of Melbourne (from April 2023)
- Viet Hoang Luu, University of Melbourne (from Oct 2024)
- Ping Charoenwet, University of Melbourne (from Feb 2022)
- Zhenzhi Lai, University of Melbourne (from 2023)
- Unaiza Alvi, University of Melbourne (from 2024)
- Lianglu Pan, University of Melbourne (graduated, now at the University of Melbourne)
- Pengbo Yan, University of Melbourne
- Dongge Liu, University of Melbourne (graduated, now at Google)
- Charaka Gheetal, Monash University (graduated, now faculty member at University of Ruhuna, Sri Lanka)
Masters students
- Wenqi Yan: Automated Software Testing
- Xiaocong Zhang: Embedded System Fuzzing
- Qingyun Wu: Network Protocol fuzzing
- Zhichen (Jason) Ren: Testing ML models
- Tung Lok (Robert) Wan: Github Security
- Simon Kelly: Network Protocol fuzzing
- Zac Duthie: Network Protocol fuzzing
- Wentao Gao: Testing Machine Translation Models
- Kwanhyong Lee: Fairness Testing
- Xihao Hao: Fuzzing for ML (graduated)
- Jialai Zhang: ML for fuzzing (graduated)
- Avi Patel: Web API fuzzing (graduated)
- Shubham Parth: Smart contract fuzzing (graduated)
- Yunshui Zhang: ML for fuzzing (graduated)

Practical Security Impact

We (my colleagues, Marcel, Manh-Dung, Andrew, Alex and I) have obtained 65 CVEs for vulnerabilities we discovered in widely-used tools and libraries such as live555, pdfium, valgrind, gdb, coreutils, binutils, ffmpeg, libiberty, libbfd, libxml2, libdwarf, libming and libav: CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2017-6965, CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-7210, CVE-2017- 7223, CVE-2017-7224, CVE-2017-7225, CVE-2017-7226, CVE-2017-7227, CVE-2017-7299, CVE-2017-7300, CVE-2017-7301, CVE-2017-7302, CVE-2017-7303, CVE-2017-7304, CVE-2017-7578, CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395, CVE-2017-8396, CVE-2017-8397, CVE-2017-8398, CVE-2017-9047, CVE-2017-9048, CVE-2017-9049, CVE-2017-9050, CVE-2017-9051, CVE-2017-9052, CVE-2017-9053, CVE-2017-9054, CVE-2017-9055, CVE-2018-10372, CVE-2018-10373, CVE-2018-10536 CVE-2018-10537, CVE-2018-10538, CVE-2018-10539, CVE-2018-10540, CVE-2018-12458 CVE-2018-12459, CVE-2018-12460, CVE-2018-13300, CVE-2018-13301, CVE-2018-13302, CVE-2018-13303, CVE-2018-13304, CVE-2018-13305, CVE-2018-13785, CVE-2018-19539, CVE-2018-19540, CVE-2018-19541, CVE-2018-19542, CVE-2018-19543, CVE-2019-7314

HOME
ABOUT
AUCTIONS
SHIPPING
FEES
TOOLS
HOW
FAQ
CONTACT

Original Source | Taken Source