Kaifeng Huang - 黄凯锋

Kaifeng Huang is an Assistant Professor (tenure-track) at School of Software Engineering, Tongji Unversity. Prior to that, he was a research fellow at Software Engineering Lab, Fudan University. He obtained his PhD from Fudan University in 2022, supervised by Prof. Xin Peng and Prof. Bihuan Chen.

His research interests focus on open source software supply chain, software security and software evolution. He serves in the reviewer panels and program committees of IEEE Transactions on Software Engineering, ACM Transactions on Software Engineering and Methodology, Journal of Systems & Software, ASE 2024, ISSRE 2024, ICSE AE 2023, etc. He was the awardee of the ACM SIGSOFT Distinguished Paper Award at ASE 2018 and IEEE TCSE Distinguished Paper Award at ICSME 2020.

Research Interests

Software&AI Supply Chain. Software and AI systems are inherently complex. Achieving a clear assessment of security, maintenance, and legal risks in the software and AI supply chain, along with developing effective mitigation strategies, remains a significant challenge. Our mission is to simplify this process by providing comprehensive evaluations and actionable solutions that enhance security and compliance throughout the lifecycle of software and AI systems.
Software Security. The software system is vulnerable to security issues. We are interested in but not limited to topics such as software vulnerability detection/assessment/mitigation, malicious software/AIWare/LLMWare detection, and privacy protection. Our goal is to identify potential security risks and prevent the leakage of sensitive privacy information (e.g., LLM privacy).
Software Evolution. The software evolves constantly, leading to issues like version fragmentation, API incompatibility, API deprecation, and merge conflict. Our goal is to assess the challenges this evolution presents to downstream software and provide automated techniques to alleviate these issues.

See my work

Highlights

VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching. Kaifeng Huang, Chenhao Lu, Yiheng Cao, Bihuan Chen, Xin Peng. In Proceedings of the 31th ACM Conference on Computer and Communications Security, Salt Lake City, United States, accepted, 2024.
Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities. Susheng Wu, Ruisi Wang, Kaifeng Huang, Yiheng Cao, Wenyan Song, Zhuotong Zhou, Yiheng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1447-1459, 2024.
Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities. Susheng Wu, Wenyan Song, Kaifeng Huang, Bihuan Chen, Xin Pen. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), Lisbon, Portugal, pp. 162: 1-12, 2024.

What's New?

[2024.10] Our paper titled "Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence" is accepted by ACM Transactions on Software Engineering and Methodology.
[2024.08] Our paper titled "VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching" is accepted by CCS 2024.
[2024.08] Our paper titled "Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities" is accepted by ASE 2024.
[2024.08] Our paper titled "1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection" is accepted by ASE 2024.
[2024.07] Our paper titled "Your "Notice" is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking" is accepted by ISSTA 2024.
[2024.05] Our paper titled "Detecting Incompatible Third-Party Library APIs in Python Based on Static Analysis" is accepted by JOS.
[2024.03] I was invited to serve on the program committee of the Research Track at AIWare 2024 Challenge Track.
[2024.03] I was invited to serve on the program committee of the Research Track at ISSRE 2024.
[2024.02] I have joined Tongji University as an Assitant Professor!
[2023.12] Our paper titled "Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions" is accepted by SANER 2024.
[2023.12] Our paper titled "Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities" is accepted by ICSE 2024.
[2023.12] I was invited to serve on the program committee of the Research Track at ASE 2024.
[2023.07] One paper titled "Demystifying Dependency Bugs in Deep Learning Stack" is accepted by ESEC/FSE 2023.
[2023.06] I was invited to serve on the program committee of the Artifact Evaluation Track at ESEC/FSE 2023.
[2023.06] One paper titled "Characterizing the Complexity and Its Impact on Testing in ML-Enabled Systems - A Case Study on Rasa" is accepted by ICSME 2023.
[2022.09] I was invited to serve on the program committee of the Artifact Evaluation Track at ICSE 2023.
[2022.08] I was invited to serve on the program committee of Tool Demo Track at SANER 2023.
[2022.06] One paper titled "Tracking Patches for Open Source Software Vulnerabilities" is accepted by ESEC/FSE 2022.
[2022.04] I was awarded the Outstanding Graduate of Fudan University.
[2022.02] One paper titled "Characterizing Usages, Updates and Risks of Third-Party Libraries in Java Projects" is accepted by EMSE 2022.
[2022.01] I joined Fudan University as a Postdoctoral Research Fellow.
[2021.12] I was honored to receive Fudan Super-PostDoctoral Fellowship.
[2021.12] I got my PhD from Fudan University. Thesis entitled "Third-Party Library Harmonization and Update Recommendation Based on API Analysis".
[2021.12] I was honored to give talks at "2021 CCF Chinasoft Open Source Symposium" and "2021 CCF Chinasoft Doctoral Symposium"
[2021.07] One paper titled "RepFinder: Finding Replacements for Missing APIs in Library Update" is accepted by ASE 2021.

Publications

[TOSEM'24] Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence.
Junan Zhang, Kaifeng Huang, Yiheng Huang, Bihuan Chen, Ruisi Wang, Chong Wang, Xin Peng. ACM Transactions on Software Engineering and Methodology, accepted, 2024.
[CCS'24] VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching.
Kaifeng Huang, Chenhao Lu, Yiheng Cao, Bihuan Chen, Xin Peng. In Proceedings of the 31th ACM Conference on Computer and Communications Security, Salt Lake City, United States, accepted, 2024.
[ASE'24] Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities. [PDF]
Susheng Wu, Ruisi Wang, Kaifeng Huang, Yiheng Cao, Wenyan Song, Zhuotong Zhou, Yiheng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1447-1459, 2024.
[ASE'24] 1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection. [PDF]
Xiaobing Sun, Xingan Gao, Sicong Cao, Lili Bo, Xiaoxue Wu, Kaifeng Huang. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1159-1170, 2024.
[ISSTA'24] Your "Notice" is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking. [PDF]
Kaifeng Huang, Yingfeng Xia, Bihuan Chen, Siyang He, Huazheng Zeng, Zhuotong Zhou, Jin Guo, Xin Peng. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, Vienna, Austria, pp. 1022-1034, 2024.
[JOS] 基于静态分析的Python第三方库API兼容性问题检测方法 (Detecting Incompatible Third-Party Library APIs in Python Based on Static Analysis). [PDF]
沈阚, 黄凯锋, 陈碧欢, 彭鑫. 软件学报（Journal of Software）, pp. 1-26, 2024.
[SANER'24] Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions. [PDF]
Dongfang Xie, Bihuan Chen, Kaifeng Huang, Yu Wang, Linghao Pan, Zhicheng Chen, Xin Peng. In Proceedings of the 31st IEEE International Conference on Software Analysis, Evolution and Reengineering, Rovaniemi, Finland, pp. 849-859, 2024.
[ICSE'24] Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities. [PDF]
Susheng Wu, Wenyan Song, Kaifeng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal, pp. 162: 1-12, 2024.
[FSE'23] Demystifying Dependency Bugs in Deep Learning Stack. [PDF]
Kaifeng Huang, Bihuan Chen, Susheng Wu, Junmin Cao, Lei Ma, Xin Peng. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, California, United States, pp. 450-462, 2023.
[ICSME'23] Characterizing the Complexity and Its Impact on Testing in ML-Enabled Systems - A Case Study on Rasa. [PDF]
Junming Cao, Bihuan Chen, Longjie Hu, Jie Gao, Kaifeng Huang, Xin Peng. In Proceedings of the 39th IEEE International Conference on Software Maintenance and Evolution, Bogotá, Colombia, pp. 258-270, 2023.
[FSE'22] Tracking Patches for Open Source Software Vulnerabilities. [PDF]
Congying Xu, Bihuan Chen, Chenhao Lu, Kaifeng Huang, Xin Peng, Yang Liu. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, pp. 860–871, 2022.
[EMSE'22] Characterizing Usages, Updates and Risks of Third-party Libraries in Java Projects. [PDF]
Kaifeng Huang, Bihuan Chen, Congying Xu, Ying Wang, Bowen Shi, Xin Peng, Yijian Wu, Yang Liu. Empirical Software Engineering, 27.4:90, 2022.
[ASE'21] REPFINDER: Finding Replacements for Missing APIs in Library Update. [PDF]
Kaifeng Huang, Bihuan Chen, Linghao Pan, Shuai Wu, Xin Peng. In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, Melbourne, Australia, pp. 266-278, 2021.
[FSE'20] Interactive, Effort-aware Library Version Harmonization. [PDF]
Kaifeng Huang, Bihuan Chen, Bowen Shi, Ying Wang, Congying Xu, Xin Peng. In Proceedings of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, pp. 518-529, 2020.
[ICSME'20] An Empirical Study of Usages, Updates and Risks of Third-Party Libraries in Java Projects. [PDF]
🏆IEEE TCSE Distinguished Paper Award

Ying Wang, Bihuan Chen, Kaifeng Huang, Bowen Shi, Congying Xu, Xin Peng, Yijian Wu, Yang Liu. In Proceedings of the 36th IEEE International Conference on Software Maintenance and Evolution, Adelaide, Australia, pp. 35-45, 2020.
[ASE'18] Cldiff: Generating Concise Linked Code Differences. [PDF]
🏆ACM SIGSOFT Distinguished Paper Award

Kaifeng Huang, Daihong Zhou, Bihuan Chen, Ying Wang, Wenyun Zhao, Xin Peng, Yang Liu. In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering, Montpellier, France, pp. 679-690, 2018.
[ICSA'20] Designdiff: Continuously Modeling Software Design Difference from Code Revisions. [PDF]
Xiao Wang, Lu Xiao, Kaifeng Huang, Bihuan Chen, Yutong Zhao, Yang Liu. In Proceedings of the IEEE International Conference on Software Architecture, Salvador, Bahia, Brazil, pp. 179-190, 2020.

Tools

CVEs found by VMUD:

CVE-2024-24891: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler/kernel.
CVE-2024-24898: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler/kernel.
CVE-2023-51437: Observable timing discrepancy vulnerability in apache/pulsar.
CVE-2023-41080: URL Redirection vulnerability in apache/tomcat.
CVE-2024-29645: Reserved vulnerability in radareorg/radare2.
CVE-2024-29646: Reserved vulnerability in radareorg/radare2.
CVE-2024-31668: Reserved vulnerability in rizinorg/rizin.
CVE-2024-31669: Reserved vulnerability in rizinorg/rizin.
CVE-2024-31670: Reserved vulnerability in rizinorg/rizin.

Academic Services

Reviewers and PC Members:

ACM Transactions on Software Engineering and Methodology
Journal of Software: Evolution and Process
AIWare Challenge, 2024
Research Track, ISSRE 2024
Research Track, ASE 2024
IEEE Transactions on Software Engineering
Journal of Systems & Software
Junior PC-Track, MSR 2024
Science of Computer Programming
Empirical Software Engineering
Artifact Evaluation Track, ESEC/FSE 2023
Automated Software Engineering Journal
IEEE Transactions on Reliability
Journal of Software (软件学报)
Artifact Evaluation Track, ICSE 2023
Tool Demo Track, SANER 2023/2024

Contact Me

Address: Room 408R, Jishi Building, No. 4800 Caoan highway, Shanghai, China.

Mail: kaifengh

Links: