Kaifeng Huang - 黄凯锋

Kaifeng Huang is an Assistant Professor (tenure-track) at School of Computer Science and Technology, Tongji University. Prior to that, he was a research fellow at Software Engineering Lab, Fudan University. He obtained his PhD from Fudan University in 2022.

His research interests focus on malleable software, software/AIware supply chain, and software security. He serves in the reviewer panels and program committees of IEEE Transactions on Software Engineering, ACM Transactions on Software Engineering and Methodology, ICSE 2027, FSE 2026, Journal of Systems & Software, ASE 2025/2024, ISSRE 2024, ICSE AE 2023, etc. He received the distinguished reviewer award at ASE 2025. He was the awardee of the ACM SIGSOFT Distinguished Paper Award at ASE 2018 and IEEE TCSE Distinguished Paper Award at ICSME 2020.

Research Interests

Malleable Software. As LLMs continue to improve in coding tasks, they enable a new paradigm of malleable software where systems are not rigidly predefined but can dynamically evolve to meet user expectations and adapt to diverse execution environments. This emerging paradigm opens up many fundamental and still unresolved challenges. My research aims to advance and ensure software quality and trustworthiness in this emerging paradigm.
Trustworthy Software & AI Supply Chains. My research aims to ensure the trustworthiness of software and AI supply chains by assessing their security, maintenance, and legal risks , while developing effective mitigation strategies . This work spans key areas including third-party library dependencies ( EMSE'22 , ICSME'20 ), dependency-related bugs in deep learning systems ( FSE'23 ), LLM pre-training membership inference risks ( AAAI'26 ), open-source license compliance ( ISSTA'24 ), API deprecation ( ASE'21 , ICSE'25 ), API compatibility ( JOS'24 ), library version evolution ( FSE'20 ), and software/code differences ( ASE'18 , ICSE'20 ).
Software Security. Software systems are inherently vulnerable to security threats. My research focuses on, but is not limited to areas such as vulnerability detection, assessment, and mitigation , malicious software/data detection , and privacy protection . This work spans key topics including recurring vulnerability detection ( CCS'24 ), vulnerability database quality ( FSE'22 , ICSE'24 , ASE'24 ), and malicious packages in ecosystems such as PyPI and NPM ( TOSEM'25 , USENIX Security'25 , ASE'24 ).

See my work

Highlights

VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching. Kaifeng Huang , Chenhao Lu, Yiheng Cao, Bihuan Chen, Xin Peng. In Proceedings of the 31th ACM Conference on Computer and Communications Security, Salt Lake City, United States, accepted, 2024.
Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities. Susheng Wu, Ruisi Wang, Kaifeng Huang , Yiheng Cao, Wenyan Song, Zhuotong Zhou, Yiheng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1447-1459, 2024.
Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities. Susheng Wu, Wenyan Song, Kaifeng Huang , Bihuan Chen, Xin Pen. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering (ICSE), Lisbon, Portugal, pp. 162: 1-12, 2024.

What's New?

[2026.02] I was invited to serve on the Program Committee of the Research Track at ICSE 2027 .
[2026.02] I was invited to serve on the Program Committee of the Research Paper Track at ICSME 2026 .
[2026.02] I was invited to serve on the Program Committee of the Research Paper Track at EASE 2026 .
[2025.11] Our paper titled "Uncovering Pretraining Code in LLMs: A Syntax-Aware Attribution Approach" is accepted by AAAI 2026 .
[2025.11] I was honored to be selected as a Distinguished Reviewer for the 40th IEEE/ACM International Conference on Automated Software Engineering (ASE 2025)!
[2025.06] I was invited to serve as a reviewer for the Chinese Journal of Computers.
[2025.06] I was invited to serve on the Program Committee of the Research Track at FSE 2026 .
[2025.06] I was invited to give a talk at the 1st International Workshop on Large Language Model Supply Chain Analysis (LLMSC 2025) !
[2025.06] I was invited to serve on the Program Committee of the SEIP Track on the APSEC 2025 . Welcome to submit your papers!
[2025.06] Our paper titled "MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem" is accepted by USENIX Security 2025 .
[2025.02] I was invited to serve on the Program Committee of the Research Track at ASE 2025 . Welcome to submit your papers!
[2025.02] I was invited to serve on the Program Committee at the 1st International Workshop on Large Language Model Supply Chain Analysis (LLMSC 2025) . Welcome to submit your papers!
[2025.01] Our paper titled "LLMs Meet Library Evolution: Evaluating Deprecated API Usage in LLM-based Code Completion" is accepted by ICSE 2025 .
[2025.01] I was invited to serve as a reviewer for the Transactions on Information Forensics & Security .
More
[2024.10] Our paper titled "Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence" is accepted by ACM Transactions on Software Engineering and Methodology .
[2024.08] Our paper titled "VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching" is accepted by CCS 2024 .
[2024.08] Our paper titled "Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities" is accepted by ASE 2024 .
[2024.08] Our paper titled "1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection" is accepted by ASE 2024 .
[2024.07] Our paper titled "Your "Notice" is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking" is accepted by ISSTA 2024 .
[2024.05] Our paper titled "Detecting Incompatible Third-Party Library APIs in Python Based on Static Analysis" is accepted by JOS .
[2024.03] I was invited to serve on the Program Committee of the Research Track at AIWare 2024 Challenge Track .
[2024.03] I was invited to serve on the Program Committee of the Research Track at ISSRE 2024 .
[2024.02] I have joined Tongji University as an Assitant Professor!
[2023.12] Our paper titled "Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions" is accepted by SANER 2024 .
[2023.12] Our paper titled "Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities" is accepted by ICSE 2024 .
[2023.12] I was invited to serve on the Program Committee of the Research Track at ASE 2024 .
[2023.07] One paper titled "Demystifying Dependency Bugs in Deep Learning Stack" is accepted by ESEC/FSE 2023 .
[2023.06] I was invited to serve on the Program Committee of the Artifact Evaluation Track at ESEC/FSE 2023 .
[2023.06] One paper titled "Characterizing the Complexity and Its Impact on Testing in ML-Enabled Systems - A Case Study on Rasa" is accepted by ICSME 2023 .
[2022.09] I was invited to serve on the Program Committee of the Artifact Evaluation Track at ICSE 2023 .
[2022.08] I was invited to serve on the Program Committee of Tool Demo Track at SANER 2023 .
[2022.06] One paper titled "Tracking Patches for Open Source Software Vulnerabilities" is accepted by ESEC/FSE 2022 .
[2022.04] I was awarded the Outstanding Graduate of Fudan University.
[2022.02] One paper titled "Characterizing Usages, Updates and Risks of Third-Party Libraries in Java Projects" is accepted by EMSE 2022 .
[2022.01] I joined Fudan University as a Postdoctoral Research Fellow.
[2021.12] I was honored to receive Fudan Super-PostDoctoral Fellowship.
[2021.12] I got my PhD from Fudan University. Thesis entitled "Third-Party Library Harmonization and Update Recommendation Based on API Analysis".
[2021.12] I was honored to give talks at " 2021 CCF Chinasoft Open Source Symposium" and "2021 CCF Chinasoft Doctoral Symposium"
[2021.07] One paper titled "RepFinder: Finding Replacements for Missing APIs in Library Update" is accepted by ASE 2021 .

Publications

[AAAI'26] Uncovering Pretraining Code in LLMs: A Syntax-Aware Attribution Approach. [PDF][BIB]
Yuanheng Li, Zhuoyang Chen, Xiaoyun Liu, Yuhao Wang, Mingwei Liu, Yang Shi, Kaifeng Huang, Shengjie Zhao. In Proceedings of the 40th Annual AAAI Conference on Artificial Intelligence , Singapore, 40(1), pp. 721-729, 2026.
[USENIX Security'25] MalGuard: Towards Real-Time, Accurate, and Actionable Detection of Malicious Packages in PyPI Ecosystem. [PDF][BIB]
Xingan Gao, Xiaobing Sun, Sicong Cao, Kaifeng Huang, Di Wu, Xiaolei Liu, Xingwei Lin, Yang Xiang. In Proceedings of the 34th USENIX Security Symposium, SEATTLE, WA, United States, pp. 4741-4758, 2025.
[ICSE'25] LLMs Meet Library Evolution: Evaluating Deprecated API Usage in LLM-based Code Completion. [PDF][BIB]
Chong Wang, Kaifeng Huang, Jian Zhang, Yibo Feng, Lyuye Zhang, Yang Liu, Peng Xin. In Proceedings of the 47th IEEE/ACM International Conference on Software Engineering, Ottawa, Ontario, Canada, pp. 885-897, 2025.
[TOSEM'25] Killing Two Birds with One Stone: Malicious Package Detection in NPM and PyPI using a Single Model of Malicious Behavior Sequence. [PDF][BIB]
Junan Zhang, Kaifeng Huang, Yiheng Huang, Bihuan Chen, Ruisi Wang, Chong Wang, Xin Peng. ACM Transactions on Software Engineering and Methodology, 34(4), pp. 1-28, 2025.
[CCS'24] VMUD: Detecting Recurring Vulnerabilities with Multiple Fixing Functions via Function Selection and Semantic Equivalent Statement Matching. [PDF][BIB]
Kaifeng Huang, Chenhao Lu, Yiheng Cao, Bihuan Chen, Xin Peng. In Proceedings of the 31th ACM Conference on Computer and Communications Security, Salt Lake City, United States, pp. 3958-3972, 2024.
[ASE'24] Vision: Identifying Affected Library Versions for Open Source Software Vulnerabilities. [PDF][BIB]
Susheng Wu, Ruisi Wang, Kaifeng Huang, Yiheng Cao, Wenyan Song, Zhuotong Zhou, Yiheng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1447-1459, 2024.
[ASE'24] 1+1>2: Integrating Deep Code Behaviors with Metadata Features for Malicious PyPI Package Detection. [PDF][BIB]
Xiaobing Sun, Xingan Gao, Sicong Cao, Lili Bo, Xiaoxue Wu, Kaifeng Huang. In Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, Sacramento, California, United States, pp. 1159-1170, 2024.
[ISSTA'24] Your "Notice" is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking. [PDF][BIB]
Kaifeng Huang, Yingfeng Xia, Bihuan Chen, Siyang He, Huazheng Zeng, Zhuotong Zhou, Jin Guo, Xin Peng. In Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, Vienna, Austria, pp. 1022-1034, 2024.
[JOS] 基于静态分析的Python第三方库API兼容性问题检测方法 (Detecting Incompatible Third-Party Library APIs in Python Based on Static Analysis). [PDF][BIB]
沈阚, 黄凯锋, 陈碧欢, 彭鑫. 软件学报（Journal of Software）, 36(4), pp. 1435-1460, 2024.
[SANER'24] Enhancing Field Tracking and Interprocedural Analysis to Find More Null Pointer Exceptions. [PDF][BIB]
Dongfang Xie, Bihuan Chen, Kaifeng Huang, Yu Wang, Linghao Pan, Zhicheng Chen, Xin Peng. In Proceedings of the 31st IEEE International Conference on Software Analysis, Evolution and Reengineering, Rovaniemi, Finland, pp. 849-859, 2024.
[ICSE'24] Identifying Affected Libraries and Their Ecosystems for Open Source Software Vulnerabilities. [PDF][BIB]
Susheng Wu, Wenyan Song, Kaifeng Huang, Bihuan Chen, Xin Peng. In Proceedings of the 46th IEEE/ACM International Conference on Software Engineering, Lisbon, Portugal, pp. 162: 1-12, 2024.
[FSE'23] Demystifying Dependency Bugs in Deep Learning Stack. [PDF][BIB]
Kaifeng Huang, Bihuan Chen, Susheng Wu, Junmin Cao, Lei Ma, Xin Peng. In Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, San Francisco, California, United States, pp. 450-462, 2023.
[ICSME'23] Characterizing the Complexity and Its Impact on Testing in ML-Enabled Systems - A Case Study on Rasa. [PDF][BIB]
Junming Cao, Bihuan Chen, Longjie Hu, Jie Gao, Kaifeng Huang, Xin Peng. In Proceedings of the 39th IEEE International Conference on Software Maintenance and Evolution, Bogotá, Colombia, pp. 258-270, 2023.
[FSE'22] Tracking Patches for Open Source Software Vulnerabilities. [PDF][BIB]
Congying Xu, Bihuan Chen, Chenhao Lu, Kaifeng Huang, Xin Peng, Yang Liu. In Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, pp. 860–871, 2022.
[EMSE'22] Characterizing Usages, Updates and Risks of Third-party Libraries in Java Projects. [PDF][BIB]
Kaifeng Huang, Bihuan Chen, Congying Xu, Ying Wang, Bowen Shi, Xin Peng, Yijian Wu, Yang Liu. Empirical Software Engineering, 27.4:90, 2022.
[ASE'21] REPFINDER: Finding Replacements for Missing APIs in Library Update. [PDF][BIB]
Kaifeng Huang, Bihuan Chen, Linghao Pan, Shuai Wu, Xin Peng. In Proceedings of the 36th IEEE/ACM International Conference on Automated Software Engineering, Melbourne, Australia, pp. 266-278, 2021.
[FSE'20] Interactive, Effort-aware Library Version Harmonization. [PDF][BIB]
Kaifeng Huang, Bihuan Chen, Bowen Shi, Ying Wang, Congying Xu, Xin Peng. In Proceedings of the 28th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Singapore, pp. 518-529, 2020.
[ICSME'20] An Empirical Study of Usages, Updates and Risks of Third-Party Libraries in Java Projects. [PDF][BIB]
🏆IEEE TCSE Distinguished Paper Award

Ying Wang, Bihuan Chen, Kaifeng Huang, Bowen Shi, Congying Xu, Xin Peng, Yijian Wu, Yang Liu. In Proceedings of the 36th IEEE International Conference on Software Maintenance and Evolution, Adelaide, Australia, pp. 35-45, 2020.
[ASE'18] Cldiff: Generating Concise Linked Code Differences. [PDF][BIB]
🏆ACM SIGSOFT Distinguished Paper Award

Kaifeng Huang, Daihong Zhou, Bihuan Chen, Ying Wang, Wenyun Zhao, Xin Peng, Yang Liu. In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering, Montpellier, France, pp. 679-690, 2018.
[ICSA'20] Designdiff: Continuously Modeling Software Design Difference from Code Revisions. [PDF][BIB]
Xiao Wang, Lu Xiao, Kaifeng Huang, Bihuan Chen, Yutong Zhao, Yang Liu. In Proceedings of the IEEE International Conference on Software Architecture, Salvador, Bahia, Brazil, pp. 179-190, 2020.

Tools

CVEs found by VMUD :

CVE-2024-24891 : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler/kernel .
CVE-2024-24898 : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler/kernel .
CVE-2023-51437 : Observable timing discrepancy vulnerability in apache/pulsar .
CVE-2023-41080 : URL Redirection vulnerability in apache/tomcat .
CVE-2024-29645 : Reserved vulnerability in radareorg/radare2 .
CVE-2024-29646 : Reserved vulnerability in radareorg/radare2 .
CVE-2024-31668 : Reserved vulnerability in rizinorg/rizin .
CVE-2024-31669 : Reserved vulnerability in rizinorg/rizin .
CVE-2024-31670 : Reserved vulnerability in rizinorg/rizin .

Academic Services

Journal Reviewers:

Springer Cybersecurity
IEEE Transactions on Computational Social Systems
IEEE Transactions on Information Forensics & Security
ACM Transactions on Software Engineering and Methodology
Journal of Software: Evolution and Process
IEEE Transactions on Software Engineering
Journal of Systems & Software
Science of Computer Programming
Empirical Software Engineering
Automated Software Engineering Journal
IEEE Transactions on Reliability
Chinese Journal of Computers (计算机学报)
Journal of Software (软件学报)

Conference PC Members:

Research Track, ICSE 2027
Research Paper Track, ICSME 2026
Main Technical Conference, AAAI 2026
智能化基础软件可信构造与供应链安全专刊, CCF ChinaSoft 2025
Research Track, FSE 2026
SEIP Track, APSEC 2025
Research Track, ASE 2025
The 1st International Workshop on Large Language Model Supply Chain Analysis (LLMSC 2025)
面向复杂系统的软件分析与测试专刊《Automated Software Engineering Journal》, CCF ChinaSoft 2024
Early Research Achievement, SANER 2025
AIWare Challenge, 2024
Research Track, ISSRE 2024
Research Track, ASE 2024
Junior PC-Track, MSR 2024
Artifact Evaluation Track, ESEC/FSE 2023
Artifact Evaluation Track, ICSE 2023
Tool Demo Track, SANER 2024
Tool Demo Track, SANER 2023

Invited Talks:

“从可塑性视角看大模型时代的系统软件形态”，CCF系统软件专委战略研讨会，苏州，江苏，CCF业务总部，2026-03-22.
“智能软件工程视角下的开源风险检测”，CCF软件工程专委会青年论坛“智能化软件工程”学术报告会，辽宁，沈阳，东北大学，2025-10-26.
"Toward Understanding Risks in Large Language Model Supply Chain: A Preliminary and Prospective Analysis", The 2nd International Workshop on Large Language Model Supply Chain Analysis (LLMSC 2026), Montreal, Canada, Co-located with FSE'26, 2026-07-05.
“数据驱动的开源风险治理提升”，扬州大学信息工程学院（人工智能学院）专家报告，线上，2025-04-22.
“数据驱动的开源风险治理提升——精细化与智能化思路探索”，CCF形式化方法专委会青年学术论坛高可信人机物智能软件与系统研讨会，上海，华东师范大学，2025-03-28.