Nima Shiri Harzevili
ABOUT
My research focuses on assisting developers in enhancing the reliability of large-scale software systems. My endeavor is to develop state-of-the-art automated program analysis tools, automated software testing and repair techniques, and machine learning-based tools for detecting and fixing software security vulnerabilities and bugs within large-scale and safety-critical software systems for applications in human health, transportation, and space technologies. To progress this endeavor, I am interested in utilizing my extensive experience with static program analysis, software testing, artificial intelligence, machine learning, and natural language processing.
Currently, I'm a Ph.D. candidate at York University, where I am being advised by Song Wang. My PhD research focuses on understanding, detecting, and fixing security vulnerabilities within machine learning libraries.
SUMMARY OF DETECTED VULNERABILITIES
Segmentation Fault in TensorFlow
Skills
Programming
Python, Solidity, C/C++, Java, Shell Scripting
Libraries/Frameworks
TensorFlow, PyTorch, Pandas, Numpy, Beautiful Soup, Jupyter, MongoDB, Microsoft SQL Server
Tools/Platforms
Lambda Cloud, GCP, Clang Static Analyzer, Flawfinder, Cppcheck, Facebook Infer
Technical Skills
Text-Preprocessing, Prompt Engineering, Malware Analysis, Fuzz Testing, Security Auditing, Static Code Analysis
EXPERIENCE
Software Security Researcher (York University) 2020 – Present
Led 6 research projects and contributed to 7 others, focusing on the reliability and safety of large-scale software systems developed in C/C++ and Java.
Conducted an extensive literature review encompassing over 400 existing studies on the security of ML libraries and traditional vulnerability detection techniques.
Conducted security auditing of more than 10K bug reports mined from the GitHub repositories of TensorFlow, PyTorch, MLpack, and MXNet.
Developed an API-level fuzz testing tool that detected more than 70 confirmed vulnerabilities in TensorFlow and PyTorch.
Conducted vulnerability management steps including triage, prioritization, and remediation on hundreds of detected vulnerabilities.
Acquired knowledge of security attacks, weaknesses, OWASP Top 10, NVD, NIST, CVSS scoring, and risk ranking and prioritization.
Machine Learning & Software Engineering Researcher (Qazvin Azad University) Sep 2014 - Sep 2017
Led 3 research projects and contributed to 2 others, focusing on enhancing the Naive Bayes classifier for software defect prediction and general ML datasets.
Performed in-depth literature review on over 193 existing studies in probabilistic graphical models and classic ML models.
Developed novel probabilistic classifiers to improve the accuracy of binary classification problems.
Conducted parametric and non-parametric tests to statistically compare different classic ML models.
Blockchain Developer & Security Specialist (KarisAfzar Ltd) Sep 2020 - Mar 2021
Collaborated on a project with a focus on developing a secured and reliable DeFi system based on Ethereum smart contracts.
Gained knowledge of common smart contract security vulnerabilities including Freezing Ether, Reentrancy, and Integer Precision Issues.
Published smart contracts on test and main Ethereum networks.
PUBLICATIONS
Demystifying and Detecting Misuses of Deep Learning APIs, Moshi Wei, Nima Shiri Harzevili, YueKai Huang, Jinqiu Yang, Junjie Wang, Song Wang, ICSE 2024. pdf.
Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries, Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, MSR 2023. link.
Automatic Static Bug Detection for Machine Learning Libraries: Are We There Yet? Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, ISSRE 2023. pdf.
CLEAR: Contrastive Learning for API Recommendation, Moshi Wei, Shiri Harzevili Nima, Yuchao Huang, Junjie Wang, and Song Wang, ICSE 2022. link.
API Recommendation for Machine Learning Libraries: How Far Are We? Moshi Wei, Yuchao Huang, Junjie Wang, Jiho Shin, Shiri Harzevili Nima, and Song Wang, ESEC/FSE 2022. link.
Mixture of latent multinomial naive Bayes classifier, NS Harzevili, SH Alizadeh, Applied Soft Computing 69, 516-527. link.
Analysis and modeling conditional mutual dependency of metrics in software defect prediction using latent variables, NS Harzevili, SH Alizadeh, Neurocomputing 460, 309-330. link.
Multi independent latent component extension of naive Bayes classifier, SH Alizadeh, A Hediehloo, NS Harzevili, Knowledge-Based Systems 213, 106646. link.
Relaxing Pairwise Conditional Dependency of NB Attributes using Hidden Variables, SH Alizadeh, NS Harzevili, A Hediehloo, H Zare, 2020 10th International Symposium on Telecommunications (IST), 116-122. link.
An Empirical Study on the Stability of Explainable Software Defect Prediction, J Shin, R Aleithan, J Nam, J Wang, N Shiri Harzevili, S Wang, APSEC 2023 (Distinguished Paper Award). link.
EDUCATION
York University, Toronto 2020–Present
Dept. of EECS Ph.D.
Research Field: SE4ML, ML4SE, Automated Software Testing, LLM for SE, Mining Software Repositories, Machine Learning, Natural Language Processing
Supervisor: Dr. Song Wang
Qazvin Azad University, Qazvin 2014–2017
Dept. of CSIT M.Sc.
Research Field: Software Defect Prediction, Probabilistic Graphical Models
Supervisor: Dr. Sasan HosseinAlizadeh
PROFESSIONAL ACTIVITIES
Contributing to TensorFlow and PyTorch libraries. Contributed to TensorFlow and PyTorch communities by reporting hundreds of real-world bugs and security vulnerabilities. Most of the reported bugs are confirmed and fixed by the developers of TensorFlow and PyTorch.
Graduate Teaching Assistant, Lassonde School of Engineering, York University. Assisted university professors in running lab tests and tutorials on computer science courses.
VOLUNTEER ACTIVITIES
Student Volunteer at ISSRE 2023 Conference. Student Volunteer at the International Symposium on Software Reliability Engineering (ISSRE) held in Florence, Italy.
Shadow PC Member at MSR 2022 Conference. Participated in reviewing submitted papers to the conference in a double-blind review process.
Reviewer at the journal of Knowledge-Based Systems. Participated in reviewing a paper to the journal of Knowledge-Based Systems.