HIGHLIGHTS OF QUALIFICATIONS 

• Research already helped detect and fix hundreds of new security vulnerabilities in AI frameworks.

• 15+ papers; publications in top venues: 2 ICSE, 1 FSE, 1 CSUR, 2 TOSEM, 1 MSR, 1 ISSRE.

• Research Interests: Software Engineering, Software Security, LLM4SE, Reliability of AI systems, Source Code Auditing, Static and Dynamic Program Analysis, and Mining Software Repository.

SUMMARY OF DETECTED VULNERABILITIES

1. DoS via Memory Corruption

   1. CVE-2023-25801

2. DoS via Segmentation Fault

   1. CVE-2023-33976

3. DoS via Memory Corruption

4. DoS via Segmentation Fault

5. DoS via Segmentation Fault

6. DoS via Segmentation Fault

SELECTED PUBLICATIONS

• A Survey on Automated Software Vulnerability Detection using Machine Learning, Nima Shiri Harzevili, Alvine Boaye Belle, Junjie Wang, Song Wang, Zhen Ming (Jack) Jiang, Nachiappan Nagappan, ACM Computing Survey 2024, link.

• History-Driven Fuzzing for Deep Learning Libraries, Nima Shiri Harzevili, Mohammad Mahdi Mohajer, Moshi Wei, Hung Viet Pham, Song Wang, TOSEM 2024, link.

• Demystifying and Detecting Misuses of Deep Learning APIs, Moshi Wei, Nima Shiri Harzevili, YueKai Huang, Jinqiu Yang, Junjie Wang, Song Wang, ICSE 2024, link.

• Effectiveness of ChatGPT for Static Analysis: How Far Are We?, Mohammad Mahdi Mohajer, Reem Aleithan, Nima Shiri Harzevili, Moshi Wei, Alvine Boaye Belle, Hung Viet Pham, and Song Wang, 1st ACM International Conference on AI-powered Software (AIware 2024), link.

• Fairness Analysis of Machine Learning-Based Code Reviewer Recommendation, Mohammad Mahdi Mohajer, Alvine Boaye Belle, Nima Shiri Harzevili, Junjie Wang, Hadi Hemmati, Song Wang and Zhen Ming Jack Jiang, 5th International Workshop on Algorithmic Bias in Search and Recommendation (Bias@SIGIR2024), link.

• Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries, Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, MSR 2023, link.

• Automatic Static Bug Detection for Machine Learning Libraries: Are We There Yet? Nima Shiri Harzevili, Jiho Shin, Junjie Wang, Song Wang, and Nachiappan Nagappan, ISSRE 2023, link.

• An Empirical Study on the Stability of Explainable Software Defect Prediction, J Shin, R Aleithan, J Nam, J Wang, Nima Shiri Harzevili, S Wang, APSEC 2023 (Distinguished Paper Award), link.

• API Recommendation for Machine Learning Libraries: How Far Are We? Moshi Wei, Yuchao Huang, Junjie Wang, Jiho Shin, Nima Shiri Harzevili, and Song Wang, ESEC/FSE 2022, link.

• CLEAR: Contrastive Learning for API Recommendation, Moshi Wei, Nima Shiri Harzevili, Yuchao Huang, Junjie Wang, and Song Wang, ICSE 2022, link.

• Evaluating Deep Learning Fuzzers: A Comprehensive Benchmarking Study, Nima Shiri Harzevili, Moshi Wei, Mohammad Mahdi Mohajer, Hung Viet Pham, Song Wang, TOSEM, link.

EDUCATION

York University (Toronto-Canada), Ph.D. 2020–2025

Dept. of Electrical Engineering and Computer Science 

Thesis Title: Improving the Reliability of AI Infrastructure Using Data-Driven Software Analytics

Supervisor: Dr. Song Wang

Qazvin Azad University (Qazvin), M.S.C   2014–2017

Dept. of Electrical Engineering and Information Technology Engineering

Thesis: Software Defect Prediction by Modeling Conditional Mutual Dependency of Static Code Attributes

Supervisor: Dr. Sasan HosseinAlizadeh

University of Applied Science and Technology (Anzali, Iran), 2012–2014

Bachelor's Degree in Computer Software Technology Engineering

University of Applied Science and Technology (Lahijan, Iran) 2012–2014

Bachelor's Degree in Computer Software Technology Engineering

Skills

• Programming Languages

  • Python, Solidity, Shell Scripting, C/C++

• Libraries/Frameworks

  • TensorFlow, PyTorch, Pandas, Numpy, Beautiful Soup, Selenium, MongoDB, PostgreSQL

• Cloud Platforms/Static Analysis Tools

  • Lambda Cloud, Google Computing, Flawfinder, RATS, CppCheck, Clang Static Analyzer, FaceBook Infer

• Web2 Skills

  • Docker, Nginx, Gunicorn, Django

• Technical Skills

  • Text-Preprocessing, Prompt Engineering, Fuzz Testing, Source Code Auditing, Static & Dynamic Code Analysis

EXPERIENCES

Software Security Researcher (York University) 2020 – Present

• Led 6 research projects and contributed to 7 others, focusing on the reliability and safety of large-scale software systems developed in C/C++ and Java.

• Identified/characterized the most prevalent in various ML libraries e.g. TensorFlow and PyTorch.

• Examined 5 most used static analysis tools to detect vulnerabilities in 4 most used ML libraries (e.g., MLPack, MXNet, TensorFlow, and PyTorch) and found that they are incapable of detecting ML vulnerabilities, i.e., (5/410 = 0.01%).

• Examined 7 commonly used API-level DL fuzz testing tools to evaluate their test case generation effectiveness to find bugs in TensorFlow and PyTorch.

• Proposed an API-level fuzz testing tool called Orion that detected more than 70 confirmed vulnerabilities in

TensorFlow and PyTorch.

• Characterized security checker bugs in TensorFlow, PyTorch, and JAX and proposed an LLM-based multi-agent tool equipped with RAG called TensorGuard to automatically repair them with 11.1% accuracy.

• Characterized common DL API misuses in TensorFlow, and PyTorch, and proposed an LLM-based tool called LLMAPI Det to automatically repair them.

• Acquired knowledge of security attacks, weaknesses, OWASP Top 10, NVD, NIST, CVSS scoring, and risk ranking and prioritization.

Machine Learning & Software Engineering Researcher (Qazvin Azad University) Sep 2014 - Sep 2017

• Led 3 research projects and contributed to 2 others, focusing on the enhancing Naive Bayes classifier for software defect prediction and general ML datasets.

• Performed in-depth literature review on over 193 existing studies in probabilistic graphical models and classic ML models.

• Developed novel probabilistic classifiers to improve the accuracy of binary classification problems.

• Conducted parametric and non-parametric tests to statistically compare different classic ML models

INDUSTRIAL EXPERIENCES

• Collaboration with MITACS and HGS Canada (AI Software Engineer Intern) Sep. 2024– Feb 2025

  • Design and implement an AI chatbot that can interact with users and allow them to ask specific questions related to HGS products, services, and capabilities.

• Freelancer (Blockchain Developer & Security Specialist) Aug. 2020–Dec. 2020

  • Collaborated on a project to develop a secured and reliable DeFi system based on Ethereum smart contracts.

  • Gained knowledge of common smart contract security vulnerabilities including but not limited to Denial of Service (DoS) Attacks, Reentrancy Attacks, and Integer Overflow and Underflow.

  • Gained knowledge of common security vulnerabilities in Web3.

  • Published smart contracts on test and main Ethereum networks.

• KarisAfzar Ltd (Machine Learning Engineer) Jan. 2017–Sep. 2018

  • Collaborated on a project focusing on modeling customer behavior analysis using machine learning and deep learning models.

  • Extracting, transforming, and loading customer behavior data into SQL database systems.

AWARDS

• Mitacs Business Strategy Internship - (15K CAD) Oct. 2024

• Academic Excellence Fund - Research funding from York University (2K CAD) Jan. 2024

• Distinguished Paper Award from APSEC'23 technical track Dec. 2023

• YorkU Graduate Fellowship - Paid research program (38K per year for 4 years) Sep. 2020 

• Postgraduate Scholarship - Deakin University Postgraduate Research Scholarship (DUPRS) Dec. 2019 

• First Place Certificate - Certificate of 1st place, RoboCup Iran Open 2017 International Competitions Apr. 2017 

TEACHING EXPERIENCES

• Teaching Assistant at York University, EECS3311: Software Design, (with Dr. Song Wang, and Dr. Hadi Hemmati);

• Teaching Assistant at York University, EECS3311: Mission Critical Systems, (with Dr.Lina Marsso)

• Teaching Assistant at York University, EECS4313: Software Engineering Testing, (with Dr. Marzieh Ahmadzadeh)

VOLUNTEER ACTIVITIES

• Student Volunteer at ISSRE 2023 Conference. Student Volunteer at the International Symposium on Software Reliability Engineering (ISSRE) in Florence, Italy.

• Contributing to TensorFlow and PyTorch libraries. Contributed to TensorFlow and PyTorch communities by reporting hundreds of real-world bugs and security vulnerabilities. Most of the reported bugs are confirmed and fixed by the developers of TensorFlow and PyTorch.

• Reviewer/PC

  • ACM Computing Surveys (CSUR)

  • IEEE Transactions on Software Engineering (TSE)

  • Information and Software Technology (IST)

  • ACM Transactions on Software Engineering and Methodology (TOSEM)

  • Empirical Software Engineering (ESEM)

  • knowledge-based-system (KBS)

  • 19th International Conference on Mining Software Repositories (MSR22)

TEACHING AND RESEARCH STATEMENTS

• Research Statement and Future Research Plans

• Teaching Statement

• Diversity Statement