Yifan Xia (夏亦凡)


Second Year Ph.D. Student
School of Control Science and Engineering
Zhejiang University

Email: yfxia at zju.edu.cn
Zheda Road 38, Hangzhou, China


This page was updated on by Yifan.


Biography

I am a Ph.D. student at NESA LAB, Zhejiang University (ZJU), co-supervised by Prof. Shouling Ji, Prof. Xuhong Zhang, and Prof. Wenhai Wang. Previously, I earned my Bachelor's degree from the School of Cyber Science and Engineering at Huazhong University of Science and Technology (HUST), under the guidance of Prof. Ming Wen in the SAS-HUST group.

My research focuses on leveraging program analysis and AI techniques to enhance system and software security, particularly for open-source software supply chain. Noteworthy projects include:

  • Malware Attack and Defense across Web, Node.js, and Android ecosystems.
  • Large Language Model applications in security.
  • Optimization of Fuzzing techniques.

News

I am currently exploring opportunities for a visiting position at leading research labs, potentially sponsored by my university's exchange program. If your lab is open to hosting a visiting researcher, please contact me.

  • June 4, 2024: Our paper was accepted by USENIX Security'24
  • Aug 18, 2023: Our paper was accepted by CCS'23
  • Aug 15, 2023: Our paper was accepted by ESORICS'23
  • May 12, 2023: Our paper was accepted by EmSE
  • Sept 1, 2022: Now a Ph.D candidate in NESA LAB, ZJU

Education

  • Zhejiang University Aug, 2022 - Now   
    Ph.D., Cyber Security
  • Huazhong University of Science and Technology Sep, 2018 - Jun, 2022   
    B.A., Information Security (Major)
    B.A., English Literature (Dual Major)

Work Experience

  • Tencent Jul, 2021 - Sept, 2021    
    Softeware Developing Intern, WXG

Publications

Malware Attack and Defense
  • Static Semantics Reconstruction for JavaScript-WebAssembly Multilingual Malware Detection - [ESORICS'23]
    Yifan Xia, Ping He, Xuhong Zhang, Peiyu Liu, Shouling Ji, Wenhai Wang
    In 28th European Symposium on Research in Computer Security [pdf]
  • Efficient Query-based Attack Against ML-based Android Malware Detection Under Zero Knowledge Setting - [CCS'23]
    Ping He, Yifan Xia, Xuhong Zhang, Shouling Ji
    In The 30th ACM Conference on Computer and Communications Security [pdf]
LLM for Cybersecurity
  • Exploring Large Language Models for Precise Cryptographic Misuse Detection - [In Submission]
    Anonymous authors
  • Exploring ChatGPT's Capabilities on Vulnerability Management - [USENIX Security'24]
    Peiyu Liu, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang, Wenzhi Chen, Haiqin Weng, Shouling Ji, Wenhai Wang [pdf]
Fuzzing
  • Enhancing Concurrent Fuzzing Performance with Adaptive Techniques - [In Submission]
    Anonymous authors
  • Evaluating Seed Selection for Fuzzing JavaScript Engines - [EmSE 2023]
    Ming Wen, Yongcong Wang, Yifan Xia, Hai Jin
    In Empirical Software Engineering [pdf]

Services

Reviewer, TIFS 2023

External Reviewer, ICWS 2023

Related links

Hobbies

I love recording, and you can find some of my songs here.

Yifan Xia's Homepage