Yifan Xia (夏亦凡)


Third Year Ph.D. Candidate
School of Control Science and Engineering
Zhejiang University

Email: yfxia at zju.edu.cn
Zheda Road 38, Hangzhou, China


This page was updated on by Yifan.


Biography

I am a Ph.D. student at NESA LAB, Zhejiang University (ZJU), co-supervised by Prof. Shouling Ji, Prof. Xuhong Zhang, and Prof. Wenhai Wang. Previously, I earned my Bachelor's degree from the School of Cyber Science and Engineering at Huazhong University of Science and Technology (HUST), under the guidance of Prof. Ming Wen in the SAS-HUST group.

My research focuses on leveraging program analysis and AI techniques to enhance system and software security, particularly for open-source software supply chain. Noteworthy projects include:

  • Malware Attack and Defense across Web, Node.js, and Android ecosystems.
  • Large Language Model applications in security.
  • Optimization of Fuzzing techniques.

News

  • Mar 30, 2025: Our paper was accepted by ISSTA 2025
  • Now I join the Cyber Security Research Center @ NTU as a joint Ph.D. from December 2024.
  • June 4, 2024: Our paper was accepted by USENIX Security'24
  • Aug 18, 2023: Our paper was accepted by CCS'23
  • Aug 15, 2023: Our paper was accepted by ESORICS'23
  • May 12, 2023: Our paper was accepted by EmSE
  • Sept 1, 2022: Now a Ph.D candidate in NESA LAB, ZJU

Education

  • Zhejiang University Aug, 2022 - Now   
    Ph.D., Cyber Security
  • Huazhong University of Science and Technology Sep, 2018 - Jun, 2022   
    B.A., Information Security (Major)
    B.A., English Literature (Dual Major)

Work Experience

  • Tencent Jul, 2021 - Sept, 2021    
    Softeware Developing Intern, WXG

Publications

LLM for Cybersecurity
  • Beyond Static Pattern Matching? Rethinking Automatic Cryptographic API Misuse Detection in the Era of LLMs - [ISSTA 2025]
    Yifan Xia, Zichen Xie, Peiyu Liu, Kangjie Lu, Yan Liu, Wenhai Wang, Shouling Ji In The 34th ACM SIGSOFT International Symposium on Software Testing and Analysis [pdf]
  • Exploring ChatGPT's Capabilities on Vulnerability Management - [USENIX Security'24]
    Peiyu Liu, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang, Wenzhi Chen, Haiqin Weng, Shouling Ji, Wenhai Wang
    In The 33th USENIX Security Symposium [pdf]
Malware Attack and Defense
  • Static Semantics Reconstruction for JavaScript-WebAssembly Multilingual Malware Detection - [ESORICS'23]
    Yifan Xia, Ping He, Xuhong Zhang, Peiyu Liu, Shouling Ji, Wenhai Wang
    In 28th European Symposium on Research in Computer Security [pdf]
  • Efficient Query-based Attack Against ML-based Android Malware Detection Under Zero Knowledge Setting - [CCS'23]
    Ping He, Yifan Xia, Xuhong Zhang, Shouling Ji
    In The 30th ACM Conference on Computer and Communications Security [pdf]
Fuzzing
  • Enhancing Concurrent Fuzzing Performance with Adaptive Techniques - [In Submission]
    Anonymous authors
  • Evaluating Seed Selection for Fuzzing JavaScript Engines - [EmSE 2023]
    Ming Wen, Yongcong Wang, Yifan Xia, Hai Jin
    In Empirical Software Engineering [pdf]

Services

Reviewer, TIFS 2023

External Reviewer, ICWS 2023

Related links

Hobbies

I love recording, and you can find some of my songs here.

Yifan Xia's Homepage