HIGHLIGHTS OF QUALIFICATIONS
Research has already helped detect and fix hundreds of new security vulnerabilities in AI frameworks.
15+ papers; publications in top venues: 2 ICSE, 1 FSE, 1 CSUR, 1 TOSEM, 1 MSR, 1 ISSRE.
Research Interests: Software Engineering, Software Security, LLM4SE, Reliability of AI Systems, Source Code Auditing, Static and Dynamic Program Analysis, and Mining Software Repositories.
SUMMARY OF DETECTED VULNERABILITIES
SELECTED PUBLICATIONS
A Survey on Automated Software Vulnerability Detection using Machine Learning, Nima Shiri Harzevili, Alvine Boaye Belle, Junjie Wang, Song Wang, Zhen Ming (Jack) Jiang, Nachiappan Nagappan, ACM Computing Surveys 2024, link.
History-Driven Fuzzing for Deep Learning Libraries, Nima Shiri Harzevili, Mohammad Mahdi Mohajer, Moshi Wei, Hung Viet Pham, Song Wang, TOSEM 2024, link.
Demystifying and Detecting Misuses of Deep Learning APIs, Moshi Wei, Nima Shiri Harzevili, YueKai Huang, Jinqiu Yang, Junjie Wang, Song Wang, ICSE 2024, link.
Effectiveness of ChatGPT for Static Analysis: How Far Are We?, Mohammad Mahdi Mohajer, Reem Aleithan, Nima Shiri Harzevili, Moshi Wei, Alvine Boaye Belle, Hung Viet Pham, and Song Wang, 1st ACM International Conference on AI-powered Software (AIware 2024), link.
Fairness Analysis of Machine Learning-Based Code Reviewer Recommendation, Mohammad Mahdi Mohajer, Alvine Boaye Belle, Nima Shiri Harzevili, Junjie Wang, Hadi Hemmati, Song Wang and Zhen Ming Jack Jiang, 5th International Workshop on Algorithmic Bias in Search and Recommendation (Bias@SIGIR2024), link.
Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries, Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, MSR 2023, link.
Automatic Static Bug Detection for Machine Learning Libraries: Are We There Yet? Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, ISSRE 2023, link.
An Empirical Study on the Stability of Explainable Software Defect Prediction, J Shin, R Aleithan, J Nam, J Wang, Nima Shiri Harzevili, S Wang, APSEC 2023 (Distinguished Paper Award), link.
API Recommendation for Machine Learning Libraries: How Far Are We? Moshi Wei, Yuchao Huang, Junjie Wang, Jiho Shin, Nima Shiri Harzevili, and Song Wang, ESEC/FSE 2022, link.
CLEAR: Contrastive Learning for API Recommendation, Moshi Wei, Nima Shiri Harzevili, Yuchao Huang, Junjie Wang, and Song Wang, ICSE 2022, link.
Evaluating Deep Learning Fuzzers: A Comprehensive Benchmarking Study, Nima Shiri Harzevili, Moshi Wei, Mohammad Mahdi Mohajer, Hung Viet Pham, Song Wang, Under Review at TOSEM, link.
EDUCATION
York University (Toronto-Canada), Ph.D. 2020–Present
Dept. of Electrical Engineering and Computer Science
Thesis Title: Improving the Reliability of AI Infrastructure Using Data-Driven Software Analytics
Supervisor: Dr. Song Wang
Qazvin Azad University (Qazvin), M.Sc. 2014–2017
Dept. of Electrical Engineering and Information Technology Engineering
Thesis: Software Defect Prediction by Modeling Conditional Mutual Dependency of Static Code Attributes
Supervisor: Dr. Sasan HosseinAlizadeh
University of Applied Science and Technology (Anzali, Iran), 2012–2014
Bachelor's Degree in Computer Software Technology Engineering
University of Applied Science and Technology (Lahijan, Iran) 2012–2014
Bachelor's Degree in Computer Software Technology Engineering
SKILLS
Programming Languages
Python, Solidity, Shell Scripting, C/C++
Libraries/Frameworks
TensorFlow, PyTorch, Pandas, NumPy, Beautiful Soup, Selenium, MongoDB, PostgreSQL
Cloud Platforms/Static Analysis Tools
Lambda Cloud, Google Computing, Flawfinder, RATS, CppCheck, Clang Static Analyzer, Facebook Infer
Web2 Skills
Docker, Nginx, Gunicorn, Django
Technical Skills
Text-Preprocessing, Prompt Engineering, Fuzz Testing, Source Code Auditing, Static & Dynamic Code Analysis
EXPERIENCES
Software Security Researcher (York University) 2020 – Present
Led 6 research projects and contributed to 7 others, focusing on the reliability and safety of large-scale software systems developed in C/C++ and Java.
Identified and characterized the most prevalent vulnerabilities in various ML libraries, e.g., TensorFlow and PyTorch.
Examined the 5 most used static analysis tools for detecting vulnerabilities in the 4 most used ML libraries (e.g., MLPack, MXNet, TensorFlow, and PyTorch) and found that they are incapable of detecting ML vulnerabilities, i.e., (5/410 = 0.01%).
Examined 7 commonly used API-level DL fuzz testing tools to evaluate their test case generation effectiveness to find bugs in TensorFlow and PyTorch.
Proposed an API-level fuzz testing tool called Orion that detected more than 70 confirmed vulnerabilities in TensorFlow and PyTorch.
Characterized security checker bugs in TensorFlow, PyTorch, and JAX and proposed an LLM-based multi-agent tool equipped with RAG called TensorGuard to automatically repair them with 11.1% accuracy.
Characterized common DL API misuses in TensorFlow and PyTorch, and proposed an LLM-based tool called LLMAPI Det to automatically repair them.
Acquired knowledge of security attacks, weaknesses, OWASP Top 10, NVD, NIST, CVSS scoring, and risk ranking and prioritization.
Machine Learning & Software Engineering Researcher (Qazvin Azad University) Sep 2014 - Sep 2017
Led 3 research projects and contributed to 2 others, focusing on enhancing the Naive Bayes classifier for software defect prediction and general ML datasets.
Performed in-depth literature review on over 193 existing studies in probabilistic graphical models and classic ML models.
Developed novel probabilistic classifiers to improve the accuracy of binary classification problems.
Conducted parametric and non-parametric tests to statistically compare different classic ML models.
INDUSTRIAL EXPERIENCES
Collaboration with MITACS and HGS Canada (AI Software Engineer Intern) Sep. 2024–Present
Designing and implementing an AI chatbot that can interact with users, allowing them to ask specific questions related to HGS products, services, and capabilities.
Freelancer (Blockchain Developer & Security Specialist) Aug. 2020–Dec. 2020
Collaborated on a project to develop a secured and reliable DeFi system based on Ethereum smart contracts.
Gained knowledge of common smart contract security vulnerabilities including but not limited to Denial of Service (DoS) Attacks, Reentrancy Attacks, and Integer Overflow and Underflow.
Gained knowledge of common security vulnerabilities in Web3.
Published smart contracts on test and main Ethereum networks.
KarisAfzar Ltd (Machine Learning Engineer) Jan. 2017–Sep. 2018
Collaborated on a project focusing on modeling customer behavior analysis using machine learning and deep learning models.
Extracted, transformed, and loaded customer behavior data into SQL database systems.
AWARDS
Mitacs Business Strategy Internship - (15K CAD) Oct. 2024
Academic Excellence Fund - Research funding from York University (2K CAD) Jan. 2024
Distinguished Paper Award from APSEC'23 technical track Dec. 2023
YorkU Graduate Fellowship - Paid research program (38K per year for 4 years) Sep. 2020
Postgraduate Scholarship - Deakin University Postgraduate Research Scholarship (DUPRS) Dec. 2019
First Place Certificate - Certificate of 1st place, RoboCup Iran Open 2017 International Competitions Apr. 2017
TEACHING EXPERIENCES
Teaching Assistant at York University, EECS3311: Software Design, (with Dr. Song Wang and Dr. Hadi Hemmati)
Teaching Assistant at York University, EECS3311: Mission Critical Systems, (with Dr. Lina Marsso)
Teaching Assistant at York University, EECS4313: Software Engineering Testing, (with Dr. Marzieh Ahmadzadeh)
VOLUNTEER ACTIVITIES
Student Volunteer at ISSRE 2023 Conference. Student Volunteer at the International Symposium on Software Reliability Engineering (ISSRE) in Florence, Italy.
Contributing to TensorFlow and PyTorch libraries. Contributed to TensorFlow and PyTorch communities by reporting hundreds of real-world bugs and security vulnerabilities. Most of the reported bugs are confirmed and fixed by the developers of TensorFlow and PyTorch.
Reviewer/PC
ACM Computing Surveys (CSUR)
IEEE Transactions on Software Engineering (TSE)
Information and Software Technology (IST)
ACM Transactions on Software Engineering and Methodology (TOSEM)
Empirical Software Engineering (ESEM)
Knowledge-Based Systems (KBS)
19th International Conference on Mining Software Repositories (MSR22)
TEACHING AND RESEARCH STATEMENTS