Biography

I am currently a visiting Ph.D. student at the Cyber Security Research Center, Nanyang Technological University, Singapore, working with Prof. Yang Liu. I am also pursuing a Ph.D. degree at NESA LAB, Zhejiang University (ZJU), co-supervised by Prof. Shouling Ji, Prof. Xuhong Zhang, and Prof. Wenhai Wang. Previously, I earned my Bachelor's degree from the School of Cyber Science and Engineering at Huazhong University of Science and Technology (HUST), under the guidance of Prof. Ming Wen in the SAS-HUST group.

My current research focuses on leveraging program analysis and AI techniques to enhance agentic systems for software engineering and system security. Noteworthy projects include:

Domain-specific Agentic System design & optimization.
Large Language Model applications in security.
Malware Attack and Defense across Web, Node.js, and Android ecosystems.

News

Mar 26, 2026: Our paper was accepted by FSE 2026
Oct 7, 2025: Our paper was accepted by TIFS. Congratulate to Hong Liang.
Mar 30, 2025: Our paper was accepted by ISSTA 2025
Now I join the Cyber Security Research Center @ NTU as a joint Ph.D. from December 2024.
June 4, 2024: Our paper was accepted by USENIX Security'24
Aug 18, 2023: Our paper was accepted by CCS'23

Education

Zhejiang University Aug, 2022 - Now
Ph.D., Cyber Security
Nanyang Technological University Dec, 2024 - Now
Visiting Ph.D., Cyber Security
Huazhong University of Science and Technology Sep, 2018 - Jun, 2022
B.A., Information Security (Major)
B.A., English Literature (Dual Major)

Work Experience

Tencent Jul, 2021 - Sept, 2021
Softeware Developing Intern, WXG

Publications

Agentic & LLM System for Software

Break to Adapt: Knowledge-Based Updates of Breaking Dependencies in JavaScript - [FSE 2026]
Yifan Xia, Chengwei Liu, Zifan Xie, Lyuye Zhang, Peiyu Liu, Kangjie Lu, Yang Liu, Wenhai Wang, and Shouling Ji,
In The The ACM International Conference on the Foundations of Software Engineering
Beyond Static Pattern Matching? Rethinking Automatic Cryptographic API Misuse Detection in the Era of LLMs - [ISSTA 2025]
Yifan Xia, Zichen Xie, Peiyu Liu, Kangjie Lu, Yan Liu, Wenhai Wang, Shouling Ji
In The 34th ACM SIGSOFT International Symposium on Software Testing and Analysis [pdf]
AutoPenGPT: Drift-Resistant Penetration Testing Driven by Search-Space Convergence and Dependency Modeling - [JEIT]
Huang Weigang, Fu Lirong, Liu Peiyu, Du Linkang, Ye Tong, Xia Yifan, Wang Wenhai
In The Journal of Electronics & Information Technology [pdf]
Exploring ChatGPT's Capabilities on Vulnerability Management - [USENIX Security'24]
Peiyu Liu, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang, Wenzhi Chen, Haiqin Weng, Shouling Ji, Wenhai Wang
In The 33th USENIX Security Symposium [pdf]

Malware Attack and Defense

Static Semantics Reconstruction for JavaScript-WebAssembly Multilingual Malware Detection - [ESORICS'23]
Yifan Xia, Ping He, Xuhong Zhang, Peiyu Liu, Shouling Ji, Wenhai Wang
In 28th European Symposium on Research in Computer Security [pdf]
Efficient Query-based Attack Against ML-based Android Malware Detection Under Zero Knowledge Setting - [CCS'23]
Ping He, Yifan Xia, Xuhong Zhang, Shouling Ji
In The 30th ACM Conference on Computer and Communications Security [pdf]

Fuzzing

Boosting Parallel Fuzzing with Boundary-Targeted Task Allocation and Exploration - [TIFS]
Hong Liang, Yijia Guo, Haotian Wu, Yifan Xia, Yi Xiang, Xiantao Jin, Hao Peng, Xuhong Zhang, Shouling Ji
In Transactions on Information Forensics & Security [pdf]
Evaluating Seed Selection for Fuzzing JavaScript Engines - [EmSE]
Ming Wen, Yongcong Wang, Yifan Xia, Hai Jin
In Empirical Software Engineering [pdf]

Services

Student Volunteer, ICFP/SPLASH 2025

Reviewer, TIFS 2023

External Reviewer, ICWS 2023